Received: by mail.netbsd.org (Postfix, from userid 605) id 237B584D5D; Mon, 26 Feb 2018 23:45:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 8C1C184D52 for ; Mon, 26 Feb 2018 23:45:03 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id 1swo2eRRG14G for ; Mon, 26 Feb 2018 23:45:02 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 60BAB84D46 for ; Mon, 26 Feb 2018 23:45:02 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 5A287FB40; Mon, 26 Feb 2018 23:45:02 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1519688702191750" MIME-Version: 1.0 Date: Mon, 26 Feb 2018 23:45:02 +0000 
From: "Brian Ginsbach" Subject: CVS commit: pkgsrc/pkgtools/pkg_install/files To: pkgsrc-changes@NetBSD.org Reply-To: ginsbach@netbsd.org X-Mailer: log_accum Message-Id: <20180226234502.5A287FB40@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1519688702191750 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: ginsbach Date: Mon Feb 26 23:45:02 UTC 2018 Modified Files: pkgsrc/pkgtools/pkg_install/files/add: perform.c pkgsrc/pkgtools/pkg_install/files/admin: audit.c main.c pkg_admin.1 pkg_admin.cat pkgsrc/pkgtools/pkg_install/files/lib: lib.h version.h vulnerabilities-file.c Log Message: pkg_install-20180226: - add option to include IGNORE_URL pkg_install.conf entries in audit but flagged as "ignored". - bump version to 20180226 To generate a diff of this commit: cvs rdiff -u -r1.109 -r1.110 pkgsrc/pkgtools/pkg_install/files/add/perform.c cvs rdiff -u -r1.17 -r1.18 pkgsrc/pkgtools/pkg_install/files/admin/audit.c cvs rdiff -u -r1.65 -r1.66 pkgsrc/pkgtools/pkg_install/files/admin/main.c cvs rdiff -u -r1.34 -r1.35 \ pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1 cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat cvs rdiff -u -r1.68 -r1.69 pkgsrc/pkgtools/pkg_install/files/lib/lib.h cvs rdiff -u -r1.172 -r1.173 pkgsrc/pkgtools/pkg_install/files/lib/version.h cvs rdiff -u -r1.9 -r1.10 \ pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. 
--_----------=_1519688702191750 Content-Disposition: inline Content-Length: 12756 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files:
Index: pkgsrc/pkgtools/pkg_install/files/add/perform.c
diff -u pkgsrc/pkgtools/pkg_install/files/add/perform.c:1.109 pkgsrc/pkgtools/pkg_install/files/add/perform.c:1.110
--- pkgsrc/pkgtools/pkg_install/files/add/perform.c:1.109 Wed Apr 19 21:42:50 2017
+++ pkgsrc/pkgtools/pkg_install/files/add/perform.c Mon Feb 26 23:45:01 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $ */
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -6,7 +6,7 @@
 #if HAVE_SYS_CDEFS_H
 #include
 #endif
-__RCSID("$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $");
 /*-
 * Copyright (c) 2003 Grant Beattie
@@ -1318,7 +1318,7 @@ check_vulnerable(struct pkg_task *pkg)
 return require_check;
 }
- if (!audit_package(pv, pkg->pkgname, NULL, 2))
+ if (!audit_package(pv, pkg->pkgname, NULL, 0, 2))
 return 0;
 if (require_check)
Index: pkgsrc/pkgtools/pkg_install/files/admin/audit.c
diff -u pkgsrc/pkgtools/pkg_install/files/admin/audit.c:1.17 pkgsrc/pkgtools/pkg_install/files/admin/audit.c:1.18
--- pkgsrc/pkgtools/pkg_install/files/admin/audit.c:1.17 Fri Feb 18 15:59:52 2011
+++ pkgsrc/pkgtools/pkg_install/files/admin/audit.c Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $ */
+/* $NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $ */
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include
 #endif
-__RCSID("$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $");
+__RCSID("$NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $");
 /*-
 * Copyright (c) 2008 Joerg Sonnenberger .
@@ -73,13 +73,14 @@ __RCSID("$NetBSD: audit.c,v 1.17 2011/02
 #include "admin.h"
 #include "lib.h"
+static int check_ignored_advisories = 0;
 static int check_signature = 0;
 static const char *limit_vul_types = NULL;
 static int update_pkg_vuln = 0;
 static struct pkg_vulnerabilities *pv;
-static const char audit_options[] = "est:";
+static const char audit_options[] = "eist:";
 static void
 parse_options(int argc, char **argv, const char *options)
@@ -101,6 +102,9 @@ parse_options(int argc, char **argv, con
 case 'e':
 check_eol = "yes";
 break;
+ case 'i':
+ check_ignored_advisories = 1;
+ break;
 case 's':
 check_signature = 1;
 break;
@@ -122,7 +126,8 @@ parse_options(int argc, char **argv, con
 static int
 check_exact_pkg(const char *pkg)
 {
- return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1);
+ return audit_package(pv, pkg, limit_vul_types,
+ check_ignored_advisories, quiet ? 0 : 1);
 }
 static int
Index: pkgsrc/pkgtools/pkg_install/files/admin/main.c
diff -u pkgsrc/pkgtools/pkg_install/files/admin/main.c:1.65 pkgsrc/pkgtools/pkg_install/files/admin/main.c:1.66
--- pkgsrc/pkgtools/pkg_install/files/admin/main.c:1.65 Wed Apr 19 21:42:50 2017
+++ pkgsrc/pkgtools/pkg_install/files/admin/main.c Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $ */
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include
 #endif
-__RCSID("$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $");
 /*-
 * Copyright (c) 1999-2009 The NetBSD Foundation, Inc.
@@ -112,9 +112,9 @@ usage(void)
 " pmatch pattern pkg - returns true if pkg matches pattern, otherwise false\n"
 " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n"
 " check-pkg-vulnerabilities [-s] - check syntax and checksums of the vulnerability file\n"
- " audit [-es] [-t type] ... - check installed packages for vulnerabilities\n"
- " audit-pkg [-es] [-t type] ... - check listed packages for vulnerabilities\n"
- " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n"
+ " audit [-eis] [-t type] ... - check installed packages for vulnerabilities\n"
+ " audit-pkg [-eis] [-t type] ... - check listed packages for vulnerabilities\n"
+ " audit-batch [-eis] [-t type] ... - check packages in listed files for vulnerabilities\n"
 " audit-history [-t type] ... - print all advisories for package names\n"
 " check-license - check if condition is acceptable\n"
 " check-single-license - check if license is acceptable\n"
Index: pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1
diff -u pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1:1.34 pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1:1.35
--- pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1:1.34 Tue Dec 30 15:13:20 2014
+++ pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1 Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: pkg_admin.1,v 1.34 2014/12/30 15:13:20 wiz Exp $
+.\" $NetBSD: pkg_admin.1,v 1.35 2018/02/26 23:45:02 ginsbach Exp $
 .\"
 .\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -34,7 +34,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd December 27, 2014
+.Dd February 25, 2018
 .Dt PKG_ADMIN 1
 .Os
 .Sh NAME
@@ -106,7 +106,7 @@ Be more verbose.
 .Pp
 The following commands are supported:
 .Bl -tag -width indent
-.It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+.It Cm audit Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
 Check the listed installed packages for vulnerabilities.
 If no package is given, check all installed packages.
 If
@@ -118,16 +118,25 @@ option from
 with
 .Qq Li yes .
 If
+.Fl i
+is given,
+any advisory ignored by
+.Dv IGNORE_URL
+in
+.Xr pkg_install.conf 5
+is included but flagged as
+.Qq ignored .
+If
 .Fl s
 is given, check the signature of the pkg-vulnerabilities file before using it.
 .Fl t
 restricts the reported vulnerabilities to type
 .Ar type .
-.It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+.It Cm audit-pkg Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
 Like
 .Cm audit ,
 but check only the given package names or patterns.
-.It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
+.It Cm audit-batch Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
 Like
 .Cm audit-pkg ,
 but read the package names or patterns one per line from the given files.
Index: pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat
diff -u pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat:1.3 pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat:1.4
--- pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat:1.3 Tue Dec 30 15:17:28 2014
+++ pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.cat Mon Feb 26 23:45:02 2018
@@ -47,18 +47,20 @@ OOPPTTIIOONNSS The following commands are supported: - aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ... + aauuddiitt [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ... Check the listed installed packages for vulnerabilities. If no package is given, check all installed packages. If --ee is given, override the CHECK_END_OF_LIFE option from pkg_install.conf(5) - with "yes". If --ss is given, check the signature of the pkg- - vulnerabilities file before using it. --tt restricts the reported - vulnerabilities to type _t_y_p_e. + with "yes". If --ii is given, any advisory ignored by IGNORE_URL + in pkg_install.conf(5) is included but flagged as "ignored". If + --ss is given, check the signature of the pkg-vulnerabilities file + before using it. --tt restricts the reported vulnerabilities to + type _t_y_p_e. - aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ... + aauuddiitt--ppkkgg [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ... Like aauuddiitt, but check only the given package names or patterns. - aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ... + aauuddiitt--bbaattcchh [--eeiiss] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ... Like aauuddiitt--ppkkgg, but read the package names or patterns one per line from the given files.
@@ -204,4 +206,4 @@ HHIISSTTOORRYY AAUUTTHHOORRSS The ppkkgg__aaddmmiinn command was written by Hubert Feyrer. -pkgsrc December 27, 2014 pkgsrc +pkgsrc February 25, 2018 pkgsrc
Index: pkgsrc/pkgtools/pkg_install/files/lib/lib.h
diff -u pkgsrc/pkgtools/pkg_install/files/lib/lib.h:1.68 pkgsrc/pkgtools/pkg_install/files/lib/lib.h:1.69
--- pkgsrc/pkgtools/pkg_install/files/lib/lib.h:1.68 Wed Apr 19 21:42:50 2017
+++ pkgsrc/pkgtools/pkg_install/files/lib/lib.h Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: lib.h,v 1.68 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.69 2018/02/26 23:45:02 ginsbach Exp $ */
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
@@ -374,7 +374,7 @@ struct pkg_vulnerabilities *read_pkg_vul
 struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int);
 void free_pkg_vulnerabilities(struct pkg_vulnerabilities *);
 int audit_package(struct pkg_vulnerabilities *, const char *, const char *,
- int);
+ int, int);
 /* Parse configuration file */
 void pkg_install_config(void);
Index: pkgsrc/pkgtools/pkg_install/files/lib/version.h
diff -u pkgsrc/pkgtools/pkg_install/files/lib/version.h:1.172 pkgsrc/pkgtools/pkg_install/files/lib/version.h:1.173
--- pkgsrc/pkgtools/pkg_install/files/lib/version.h:1.172 Mon Oct 30 12:03:50 2017
+++ pkgsrc/pkgtools/pkg_install/files/lib/version.h Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: version.h,v 1.172 2017/10/30 12:03:50 jperkin Exp $ */
+/* $NetBSD: version.h,v 1.173 2018/02/26 23:45:02 ginsbach Exp $ */
 /*
 * Copyright (c) 2001 Thomas Klausner. All rights reserved.
@@ -27,6 +27,6 @@
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
-#define PKGTOOLS_VERSION 20171030
+#define PKGTOOLS_VERSION 20180226
 #endif /* _INST_LIB_VERSION_H_ */
Index: pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c
diff -u pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c:1.9 pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c:1.10
--- pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c:1.9 Wed Apr 19 21:42:50 2017
+++ pkgsrc/pkgtools/pkg_install/files/lib/vulnerabilities-file.c Mon Feb 26 23:45:02 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $ */
 /*-
 * Copyright (c) 2008, 2010 Joerg Sonnenberger .
@@ -38,7 +38,7 @@
 #if HAVE_SYS_CDEFS_H
 #include
 #endif
-__RCSID("$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $");
 #if HAVE_SYS_STAT_H
 #include
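Review bot: In the lib.h hunk the audit_package() prototype now ends in two adjacent unnamed `int` parameters (`int, int);`), so a caller that transposes the include-ignored flag and the output type compiles without any diagnostic. The perform.c call `audit_package(pv, pkg->pkgname, NULL, 0, 2)` already depends on two bare literals being read in the right order. Naming the parameters in the declaration, `const char *limit_vul_types, int include_ignored, int output_type);`, would make the header self-documenting. A one-line comment at the perform.c call noting that pkg_add passes 0, so IGNORE_URL entries stay suppressed at install time, would help the next reader as well.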
@@ -608,18 +608,19 @@ check_ignored_entry(struct pkg_vulnerabi
 int
 audit_package(struct pkg_vulnerabilities *pv, const char *pkgname,
- const char *limit_vul_types, int output_type)
+ const char *limit_vul_types, int include_ignored, int output_type)
 {
 FILE *output = output_type == 1 ? stdout : stderr;
 size_t i;
- int retval, do_eol;
+ int retval, do_eol, ignored;
 retval = 0;
 do_eol = (strcasecmp(check_eol, "yes") == 0);
 for (i = 0; i < pv->entries; ++i) {
- if (check_ignored_entry(pv, i))
+ ignored = check_ignored_entry(pv, i);
+ if (ignored && !include_ignored)
 continue;
 if (limit_vul_types != NULL && strcmp(limit_vul_types, pv->classification[i]))
@@ -642,11 +643,13 @@ audit_package(struct pkg_vulnerabilities
 }
 retval = 1;
 if (output_type == 0) {
- puts(pkgname);
+ fprintf(stdout, "%s%s\n",
+ pkgname, ignored ? " (ignored)" : "");
 } else {
 fprintf(output,
- "Package %s has a %s vulnerability, see %s\n",
- pkgname, pv->classification[i], pv->advisory[i]);
+ "Package %s has a%s %s vulnerability, see %s\n",
+ pkgname, ignored ? "n ignored" : "",
+ pv->classification[i], pv->advisory[i]);
 }
 }
 return retval;
--_----------=_1519688702191750--
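Review bot: In the second vulnerabilities-file.c hunk, `retval = 1;` is still set for an entry that got past the new `if (ignored && !include_ignored)` check only because `include_ignored` is non-zero, so with `-i` audit_package() returns 1 for a package whose only matching advisories are suppressed by IGNORE_URL. If the audit commands' exit status or any caller is derived from this return value (not visible here), turning on `-i` makes an accepted-risk package look like a finding. Consider `if (!ignored) retval = 1;`, or add a comment above the function stating that the return value counts ignored advisories when include_ignored is set. The quiet branch also changes from a bare package name to `name (ignored)`, which anything reading that output line by line has to handle. The code between the two hunks is outside the view.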