 @@ -1,28 +1,28 @@
-/*	$NetBSD: perform.c,v 1.70.4.19 2008/08/25 19:15:11 joerg Exp $	*/
+/*	$NetBSD: perform.c,v 1.70.4.20 2009/01/08 00:01:30 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: perform.c,v 1.70.4.19 2008/08/25 19:15:11 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.70.4.20 2009/01/08 00:01:30 joerg Exp $");
 /*-
  * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org>
  * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org>
  * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org>
- * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>
+ * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
  *    the documentation and/or other materials provided with the
  *    distribution.
+ *
 @@ -1159,26 +1159,73 @@ check_signature(struct pkg_task *pkg, vo
 		fprintf(stderr, "Do you want to proceed with "
 		    "the installation of %s [y/n]?\n", pkg->pkgname);
 		line = fgetln(stdin, &len);
 		if (check_input(line, len)) {
 			fprintf(stderr, "Cancelling installation\n");
 			return 1;
+		}
 		return 0;
+	}
 	warnx("Unknown value of configuration variable VERIFIED_INSTALLATION");
 	return 1;
+}
 static int
 check_vulnerable(struct pkg_task *pkg)
+{
 	static struct pkg_vulnerabilities *pv;
 	size_t i;
 	int require_check;
 	char *line;
 	size_t len;
 	if (strcasecmp(check_vulnerabilities, "never") == 0)
 		return 0;
 	else if (strcasecmp(check_vulnerabilities, "always"))
 		require_check = 1;
 	else if (strcasecmp(check_vulnerabilities, "interactive"))
 		require_check = 0;
 	else {
 		warnx("Unknown value of the configuration variable"
 		    "CHECK_VULNERABILITIES");
 		return 1;
+	}
 	if (pv == NULL) {
 		pv = read_pkg_vulnerabilities(pkg_vulnerabilities_file,
 		    require_check, 0);
 		if (pv == NULL)
 			return require_check;
+	}
 	for (i = 0; i < pv->entries; ++i) {
 		if (!pkg_match(pv->vulnerability[i], pkg->pkgname))
 			continue;
 		if (strcmp("eol", pv->classification[i]) == 0)
 			continue;
 		warnx("Package %s has a %s vulnerability, see %s",
 		    pkg->pkgname, pv->classification[i], pv->advisory[i]);
 		fprintf(stderr, "Do you want to proceed with "
 		    "the installation of %s [y/n]?\n", pkg->pkgname);
 		line = fgetln(stdin, &len);
 		if (check_input(line, len)) {
 			fprintf(stderr, "Cancelling installation\n");
 			return 1;
+		}
 		return 0;
+	}
 	return 0;
+}
 /*
  * Install a single package.
  */
 static int
 pkg_do(const char *pkgpath, int mark_automatic)
+{
 	int status, invalid_sig;
 	void *archive_cookie;
 	void *signature_cookie;
 	struct pkg_task *pkg;
 	pkg = xcalloc(1, sizeof(*pkg));
 @@ -1197,26 +1244,29 @@ pkg_do(const char *pkgpath, int mark_aut
 	signature_cookie = NULL;
 #endif
 	if (read_meta_data(pkg))
 		goto clean_memory;
 	/* Parse PLIST early, so that messages can use real package name. */
 	if (pkg_parse_plist(pkg))
 		goto clean_memory;
 	if (check_signature(pkg, &signature_cookie, invalid_sig))
 		goto clean_memory;
 	if (check_vulnerable(pkg))
 		goto clean_memory;
 	if (pkg->meta_data.meta_mtree != NULL)
 		warnx("mtree specification in pkg `%s' ignored", pkg->pkgname);
 	if (pkg->meta_data.meta_views != NULL) {
 		pkg->logdir = xstrdup(pkg->prefix);
 		_pkgdb_setPKGDB_DIR(dirname_of(pkg->logdir));
 	} else {
 		pkg->logdir = xasprintf("%s/%s", _pkgdb_getPKGDB_DIR(),
 		    pkg->pkgname);
+	}
 	if (Destdir != NULL) {
 		pkg->install_logdir = xasprintf("%s/%s", Destdir, pkg->logdir);

 @@ -1,14 +1,14 @@
-/* $NetBSD: lib.h,v 1.42.2.16 2008/12/30 15:55:57 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.42.2.17 2009/01/08 00:01:31 joerg Exp $ */
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 /*
  * FreeBSD install - a package for the installation and maintainance
  * of non-core utilities.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
 @@ -402,25 +402,26 @@ int detached_gpg_sign(const char *, size
 char *xstrdup(const char *);
 void *xrealloc(void *, size_t);
 void *xcalloc(size_t, size_t);
 void *xmalloc(size_t);
 char *xasprintf(const char *, ...);
 /* Externs */
 extern Boolean Verbose;
 extern Boolean Fake;
 extern Boolean Force;
 extern const char *cert_chain_file;
 extern const char *certs_packages;
 extern const char *certs_pkg_vulnerabilities;
 extern const char *check_vulnerabilities;
 extern const char *config_file;
 extern const char *verified_installation;
 extern const char *gpg_cmd;
 extern char fetch_flags[];
 extern const char *pkg_vulnerabilities_dir;
 extern const char *pkg_vulnerabilities_file;
 extern const char *pkg_vulnerabilities_url;
 extern const char *ignore_advisories;
 extern const char tnf_vulnerability_base[];
 #endif				/* _INST_LIB_LIB_H_ */

 @@ -1,24 +1,24 @@
-/*	$NetBSD: parse-config.c,v 1.1.2.5 2008/08/21 16:04:39 joerg Exp $	*/
+/*	$NetBSD: parse-config.c,v 1.1.2.6 2009/01/08 00:01:31 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
 #ifndef lint
-__RCSID("$NetBSD: parse-config.c,v 1.1.2.5 2008/08/21 16:04:39 joerg Exp $");
+__RCSID("$NetBSD: parse-config.c,v 1.1.2.6 2009/01/08 00:01:31 joerg Exp $");
 #endif
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
 @@ -48,43 +48,45 @@ __RCSID("$NetBSD: parse-config.c,v 1.1.2
 #endif
 #include "lib.h"
 const char     *config_file = SYSCONFDIR"/pkg_install.conf";
 char fetch_flags[10];
 static const char *active_ftp;
 static const char *verbose_netio;
 static const char *ignore_proxy;
 const char *cert_chain_file;
 const char *certs_packages;
 const char *certs_pkg_vulnerabilities;
 const char *check_vulnerabilities;
 const char *verified_installation;
 const char *gpg_cmd;
 const char *pkg_vulnerabilities_dir;
 const char *pkg_vulnerabilities_file;
 const char *pkg_vulnerabilities_url;
 const char *ignore_advisories = NULL;
 const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns";
 static struct config_variable {
 	const char *name;
 	const char **var;
 } config_variables[] = {
 	{ "ACTIVE_FTP", &active_ftp },
 	{ "CERTIFICATE_ANCHOR_PKGS", &certs_packages },
 	{ "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities },
 	{ "CERTIFICATE_CHAIN", &cert_chain_file },
 	{ "CHECK_VULNERABILITIES", &check_vulnerabilities },
 	{ "GPG", &gpg_cmd },
 	{ "IGNORE_PROXY", &ignore_proxy },
 	{ "IGNORE_URL", &ignore_advisories },
 	{ "PKGVULNDIR", &pkg_vulnerabilities_dir },
 	{ "PKGVULNURL", &pkg_vulnerabilities_url },
 	{ "VERBOSE_NETIO", &verbose_netio },
 	{ "VERIFIED_INSTALLATION", &verified_installation },
 	{ NULL, NULL }
 };
 void
 pkg_install_config(void)
+{
 @@ -98,26 +100,29 @@ pkg_install_config(void)
+	}
 	if (pkg_vulnerabilities_dir == NULL)
 		pkg_vulnerabilities_dir = _pkgdb_getPKGDB_DIR();
 	pkg_vulnerabilities_file = xasprintf("%s/pkg-vulnerabilities",
 	    pkg_vulnerabilities_dir);
 	if (pkg_vulnerabilities_url == NULL) {
 		pkg_vulnerabilities_url = xasprintf("%s/pkg-vulnerabilities.gz",
 		    tnf_vulnerability_base);
+	}
 	if (verified_installation == NULL)
 		verified_installation = "never";
 	if (check_vulnerabilities == NULL)
 		check_vulnerabilities = "never";
 	snprintf(fetch_flags, sizeof(fetch_flags), "%s%s%s",
 	    (verbose_netio && *verbose_netio) ? "v" : "",
 	    (active_ftp && *active_ftp) ? "" : "p",
 	    (ignore_proxy && *ignore_proxy) ? "d" : "");
+}
 void
 pkg_install_show_variable(const char *var_name)
+{
 	struct config_variable *var;
 	for (var = config_variables; var->name != NULL; ++var) {
 		if (strcmp(var->name, var_name) != 0)

 @@ -1,43 +1,43 @@
-.\"	$NetBSD: pkg_install.conf.5,v 1.1.2.3 2008/08/21 16:10:01 joerg Exp $
+.\"	$NetBSD: pkg_install.conf.5,v 1.1.2.4 2009/01/08 00:01:31 joerg Exp $
 .\"
-.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This code is derived from software contributed to The NetBSD Foundation
 .\" by Thomas Klausner.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 .\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd August 21, 2008
+.Dd January 8, 2009
 .Dt PKG_INSTALL.CONF 5
 .Os
 .Sh NAME
 .Nm pkg_install.conf
 .Nd configuration file for package installation tools
 .Sh DESCRIPTION
 The file
 .Nm
 contains system defaults for the package installation tools
 as a list of variable-value pairs.
 Each line has the format
 .Ev VARIABLE=VALUE .
 If the value consists of more than one line, each line is prefixed with
 @@ -57,26 +57,38 @@ A package is trusted when a certificate
 certificates contained in this file.
 The certificates must be PEM-encoded.
 .It Dv CERTIFICATE_ANCHOR_PKGVULN
 Analogous to
 .Dv CERTIFICATE_ANCHOR_PKGS .
 The
 .Pa pkg-vulnerabilities
 is trusted when a certificate chain ends in one of the certificates
 contained in this file.
 .It Dv CERTIFICATE_CHAIN
 Path to a file containing additional certificates that can be used
 for completing certicate chains when validating binary packages or
 pkg-vulnerabilities files.
 .Dv CHECK_VULNERABILITIES
 Check for vulnerabilities when installating packages.
 Supported values are:
 .Bl -tag -width interactiveXX
 .It Dv never
 No check is performed.
 .It Dv always
 Passing the vulnerability check is required.
 A missing pkg-vulnerabilities file is considered an error.
 .It Dv interactive
 The user is always asked to confirm installation of vulnerable packages.
 .El
 .It Dv GPG
 Deprecated.
 Path to
 .Xr gpg 1 ,
 which can be used to verify the signature in the
 .Pa pkg-vulnerabilities
 file when running
 .Dl Ic pkg_admin check-pkg-vulnerabilities -s
 or
 .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s
 .It Dv IGNORE_PROXY
 Use direct connections and ignore
 .Ev FTP_PROXY

 @@ -21,27 +21,38 @@ DDEESSCCRRIIPPTTIIOONN
              Path to the file containing the certificates used for validating
              binary packages.  A package is trusted when a certificate chain
              ends in one of the certificates contained in this file.  The cer-
              tificates must be PEM-encoded.
      CERTIFICATE_ANCHOR_PKGVULN
              Analogous to CERTIFICATE_ANCHOR_PKGS.  The _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s is
              trusted when a certificate chain ends in one of the certificates
              contained in this file.
      CERTIFICATE_CHAIN
              Path to a file containing additional certificates that can be
              used for completing certicate chains when validating binary pack-
-             ages or pkg-vulnerabilities files.
+             ages or pkg-vulnerabilities files.  CHECK_VULNERABILITIES Check
              for vulnerabilities when installating packages.  Supported values
              are:
              never          No check is performed.
              always         Passing the vulnerability check is required.  A
                             missing pkg-vulnerabilities file is considered an
                             error.
              interactive    The user is always asked to confirm installation
                             of vulnerable packages.
      GPG     Deprecated.  Path to gpg(1), which can be used to verify the sig-
              nature in the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file when running
                    ppkkgg__aaddmmiinn cchheecckk--ppkkgg--vvuullnneerraabbiilliittiieess --ss
              or
                    ppkkgg__aaddmmiinn ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess --ss
      IGNORE_PROXY
              Use direct connections and ignore FTP_PROXY and HTTP_PROXY.
      IGNORE_URL
              One line per advisory which should be ignored when running
                    ppkkgg__aaddmmiinn aauuddiitt
 @@ -78,14 +89,14 @@ DDEESSCCRRIIPPTTIIOONN
                             package can not be verified, the user is asked
                             interactively.
              interactive    The user is always asked interactively when
                             installing a package.
 FFIILLEESS
      @SYSCONFDIR@/pkg_install.conf     Default location for the file described
                                        in this manual page.
 SSEEEE AALLSSOO
      pkg_add(1), pkg_admin(1)
-NetBSD 4.0                      August 21, 2008                     NetBSD 4.0
+NetBSD 5.0                      January 8, 2009                     NetBSD 5.0

 @@ -1,14 +1,14 @@
-/*	$NetBSD: version.h,v 1.102.2.19 2008/12/30 15:55:57 joerg Exp $	*/
+/*	$NetBSD: version.h,v 1.102.2.20 2009/01/08 00:01:31 joerg Exp $	*/
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
 @@ -17,16 +17,16 @@
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
-#define PKGTOOLS_VERSION "20081230"
+#define PKGTOOLS_VERSION "20090108"
 #endif /* _INST_LIB_VERSION_H_ */