pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/pkgtools/pkg_install/files pkg_install-20180226:
details: https://anonhg.NetBSD.org/pkgsrc/rev/d040513b6ae9
branches: trunk
changeset: 376203:d040513b6ae9
user: ginsbach <ginsbach%pkgsrc.org@localhost>
date: Mon Feb 26 23:45:01 2018 +0000
description:
pkg_install-20180226:
- add option to include IGNORE_URL pkg_install.conf entries in audit
but flagged as "ignored".
- bump version to 20180226
diffstat:
pkgtools/pkg_install/files/add/perform.c | 6 +++---
pkgtools/pkg_install/files/admin/audit.c | 13 +++++++++----
pkgtools/pkg_install/files/admin/main.c | 10 +++++-----
pkgtools/pkg_install/files/admin/pkg_admin.1 | 19 ++++++++++++++-----
pkgtools/pkg_install/files/admin/pkg_admin.cat | 16 +++++++++-------
pkgtools/pkg_install/files/lib/lib.h | 4 ++--
pkgtools/pkg_install/files/lib/version.h | 4 ++--
pkgtools/pkg_install/files/lib/vulnerabilities-file.c | 19 +++++++++++--------
8 files changed, 55 insertions(+), 36 deletions(-)
diffs (296 lines):
diff -r 88f0a97edcc9 -r d040513b6ae9 pkgtools/pkg_install/files/add/perform.c
--- a/pkgtools/pkg_install/files/add/perform.c Mon Feb 26 22:51:42 2018 +0000
+++ b/pkgtools/pkg_install/files/add/perform.c Mon Feb 26 23:45:01 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
#endif
@@ -6,7 +6,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $");
/*-
* Copyright (c) 2003 Grant Beattie <grant%NetBSD.org@localhost>
@@ -1318,7 +1318,7 @@
return require_check;
}
- if (!audit_package(pv, pkg->pkgname, NULL, 2))
+ if (!audit_package(pv, pkg->pkgname, NULL, 0, 2))
return 0;
if (require_check)
diff -r 88f0a97edcc9 -r d040513b6ae9 pkgtools/pkg_install/files/admin/audit.c
--- a/pkgtools/pkg_install/files/admin/audit.c Mon Feb 26 22:51:42 2018 +0000
+++ b/pkgtools/pkg_install/files/admin/audit.c Mon Feb 26 23:45:01 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $ */
+/* $NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -7,7 +7,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $");
+__RCSID("$NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $");
/*-
* Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -73,13 +73,14 @@
#include "admin.h"
#include "lib.h"
+static int check_ignored_advisories = 0;
static int check_signature = 0;
static const char *limit_vul_types = NULL;
static int update_pkg_vuln = 0;
static struct pkg_vulnerabilities *pv;
-static const char audit_options[] = "est:";
+static const char audit_options[] = "eist:";
static void
parse_options(int argc, char **argv, const char *options)
@@ -101,6 +102,9 @@
case 'e':
check_eol = "yes";
break;
+ case 'i':
+ check_ignored_advisories = 1;
+ break;
case 's':
check_signature = 1;
break;
@@ -122,7 +126,8 @@
static int
check_exact_pkg(const char *pkg)
{
- return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1);
+ return audit_package(pv, pkg, limit_vul_types,
+ check_ignored_advisories, quiet ? 0 : 1);
}
static int
diff -r 88f0a97edcc9 -r d040513b6ae9 pkgtools/pkg_install/files/admin/main.c
--- a/pkgtools/pkg_install/files/admin/main.c Mon Feb 26 22:51:42 2018 +0000
+++ b/pkgtools/pkg_install/files/admin/main.c Mon Feb 26 23:45:01 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -7,7 +7,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $");
/*-
* Copyright (c) 1999-2009 The NetBSD Foundation, Inc.
@@ -112,9 +112,9 @@
" pmatch pattern pkg - returns true if pkg matches pattern, otherwise false\n"
" fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n"
" check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n"
- " audit [-es] [-t type] ... - check installed packages for vulnerabilities\n"
- " audit-pkg [-es] [-t type] ... - check listed packages for vulnerabilities\n"
- " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n"
+ " audit [-eis] [-t type] ... - check installed packages for vulnerabilities\n"
+ " audit-pkg [-eis] [-t type] ... - check listed packages for vulnerabilities\n"
+ " audit-batch [-eis] [-t type] ... - check packages in listed files for vulnerabilities\n"
" audit-history [-t type] ... - print all advisories for package names\n"
" check-license <condition> - check if condition is acceptable\n"
" check-single-license <license> - check if license is acceptable\n"
diff -r 88f0a97edcc9 -r d040513b6ae9 pkgtools/pkg_install/files/admin/pkg_admin.1
--- a/pkgtools/pkg_install/files/admin/pkg_admin.1 Mon Feb 26 22:51:42 2018 +0000
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.1 Mon Feb 26 23:45:01 2018 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: pkg_admin.1,v 1.34 2014/12/30 15:13:20 wiz Exp $
+.\" $NetBSD: pkg_admin.1,v 1.35 2018/02/26 23:45:02 ginsbach Exp $
.\"
.\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -34,7 +34,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd December 27, 2014
+.Dd February 25, 2018
.Dt PKG_ADMIN 1
.Os
.Sh NAME
@@ -106,7 +106,7 @@
.Pp
The following commands are supported:
.Bl -tag -width indent
-.It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+.It Cm audit Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
Check the listed installed packages for vulnerabilities.
If no package is given, check all installed packages.
If
@@ -118,16 +118,25 @@
with
.Qq Li yes .
If
+.Fl i
+is given,
+any advisory ignored by
+.Dv IGNORE_URL
+in
+.Xr pkg_install.conf 5
+is included but flagged as
+.Qq ignored .
+If
.Fl s
is given, check the signature of the pkg-vulnerabilities file before using it.
.Fl t
restricts the reported vulnerabilities to type
.Ar type .
-.It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+.It Cm audit-pkg Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
Like
.Cm audit ,
but check only the given package names or patterns.
-.It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
+.It Cm audit-batch Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
Like
.Cm audit-pkg ,
but read the package names or patterns one per line from the given files.
diff -r 88f0a97edcc9 -r d040513b6ae9 pkgtools/pkg_install/files/admin/pkg_admin.cat
--- a/pkgtools/pkg_install/files/admin/pkg_admin.cat Mon Feb 26 22:51:42 2018 +0000
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.cat Mon Feb 26 23:45:01 2018 +0000
@@ -47,18 +47,20 @@
The following commands are supported:
- aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ...
+ aauuddiitt [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ...
Check the listed installed packages for vulnerabilities. If no
package is given, check all installed packages. If --ee is given,
override the CHECK_END_OF_LIFE option from pkg_install.conf(5)
- with "yes". If --ss is given, check the signature of the pkg-
- vulnerabilities file before using it. --tt restricts the reported
- vulnerabilities to type _t_y_p_e.
+ with "yes". If --ii is given, any advisory ignored by IGNORE_URL
+ in pkg_install.conf(5) is included but flagged as "ignored". If
+ --ss is given, check the signature of the pkg-vulnerabilities file
+ before using it. --tt restricts the reported vulnerabilities to
+ type _t_y_p_e.
- aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ...
+ aauuddiitt--ppkkgg [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ...
Like aauuddiitt, but check only the given package names or patterns.
- aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ...
+ aauuddiitt--bbaattcchh [--eeiiss] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ...
Like aauuddiitt--ppkkgg, but read the package names or patterns one per
line from the given files.
@@ -204,4 +206,4 @@
AAUUTTHHOORRSS
The ppkkgg__aaddmmiinn command was written by Hubert Feyrer.
-pkgsrc December 27, 2014 pkgsrc
+pkgsrc February 25, 2018 pkgsrc
diff -r 88f0a97edcc9 -r d040513b6ae9 pkgtools/pkg_install/files/lib/lib.h
--- a/pkgtools/pkg_install/files/lib/lib.h Mon Feb 26 22:51:42 2018 +0000
+++ b/pkgtools/pkg_install/files/lib/lib.h Mon Feb 26 23:45:01 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lib.h,v 1.68 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.69 2018/02/26 23:45:02 ginsbach Exp $ */
/* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
@@ -374,7 +374,7 @@
struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int);
void free_pkg_vulnerabilities(struct pkg_vulnerabilities *);
int audit_package(struct pkg_vulnerabilities *, const char *, const char *,
- int);
+ int, int);
/* Parse configuration file */
void pkg_install_config(void);
diff -r 88f0a97edcc9 -r d040513b6ae9 pkgtools/pkg_install/files/lib/version.h
--- a/pkgtools/pkg_install/files/lib/version.h Mon Feb 26 22:51:42 2018 +0000
+++ b/pkgtools/pkg_install/files/lib/version.h Mon Feb 26 23:45:01 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: version.h,v 1.172 2017/10/30 12:03:50 jperkin Exp $ */
+/* $NetBSD: version.h,v 1.173 2018/02/26 23:45:02 ginsbach Exp $ */
/*
* Copyright (c) 2001 Thomas Klausner. All rights reserved.
@@ -27,6 +27,6 @@
#ifndef _INST_LIB_VERSION_H_
#define _INST_LIB_VERSION_H_
-#define PKGTOOLS_VERSION 20171030
+#define PKGTOOLS_VERSION 20180226
#endif /* _INST_LIB_VERSION_H_ */
diff -r 88f0a97edcc9 -r d040513b6ae9 pkgtools/pkg_install/files/lib/vulnerabilities-file.c
--- a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c Mon Feb 26 22:51:42 2018 +0000
+++ b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c Mon Feb 26 23:45:01 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $ */
/*-
* Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -38,7 +38,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $");
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
@@ -608,18 +608,19 @@
int
audit_package(struct pkg_vulnerabilities *pv, const char *pkgname,
- const char *limit_vul_types, int output_type)
+ const char *limit_vul_types, int include_ignored, int output_type)
{
FILE *output = output_type == 1 ? stdout : stderr;
size_t i;
- int retval, do_eol;
+ int retval, do_eol, ignored;
retval = 0;
do_eol = (strcasecmp(check_eol, "yes") == 0);
for (i = 0; i < pv->entries; ++i) {
- if (check_ignored_entry(pv, i))
+ ignored = check_ignored_entry(pv, i);
+ if (ignored && !include_ignored)
continue;
if (limit_vul_types != NULL &&
strcmp(limit_vul_types, pv->classification[i]))
@@ -642,11 +643,13 @@
}
retval = 1;
if (output_type == 0) {
- puts(pkgname);
+ fprintf(stdout, "%s%s\n",
+ pkgname, ignored ? " (ignored)" : "");
} else {
fprintf(output,
- "Package %s has a %s vulnerability, see %s\n",
- pkgname, pv->classification[i], pv->advisory[i]);
+ "Package %s has a%s %s vulnerability, see %s\n",
+ pkgname, ignored ? "n ignored" : "",
+ pv->classification[i], pv->advisory[i]);
}
}
return retval;
Home |
Main Index |
Thread Index |
Old Index