pkg_install-20180226: - add option to include IGNORE_URL pkg_install.conf entries in audit but flagged as "ignored". - bump version to 20180226diff -r1.109 -r1.110 pkgsrc/pkgtools/pkg_install/files/add/perform.c
(ginsbach)
@@ -1,22 +1,22 @@ | @@ -1,22 +1,22 @@ | |||
1 | /* $NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $ */ | 1 | /* $NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $ */ | |
2 | #if HAVE_CONFIG_H | 2 | #if HAVE_CONFIG_H | |
3 | #include "config.h" | 3 | #include "config.h" | |
4 | #endif | 4 | #endif | |
5 | #include <nbcompat.h> | 5 | #include <nbcompat.h> | |
6 | #if HAVE_SYS_CDEFS_H | 6 | #if HAVE_SYS_CDEFS_H | |
7 | #include <sys/cdefs.h> | 7 | #include <sys/cdefs.h> | |
8 | #endif | 8 | #endif | |
9 | __RCSID("$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $"); | 9 | __RCSID("$NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $"); | |
10 | 10 | |||
11 | /*- | 11 | /*- | |
12 | * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> | 12 | * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> | |
13 | * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org> | 13 | * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org> | |
14 | * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org> | 14 | * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org> | |
15 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org> | 15 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org> | |
16 | * Copyright (c) 2010 Thomas Klausner <wiz@NetBSD.org> | 16 | * Copyright (c) 2010 Thomas Klausner <wiz@NetBSD.org> | |
17 | * All rights reserved. | 17 | * All rights reserved. | |
18 | * | 18 | * | |
19 | * Redistribution and use in source and binary forms, with or without | 19 | * Redistribution and use in source and binary forms, with or without | |
20 | * modification, are permitted provided that the following conditions | 20 | * modification, are permitted provided that the following conditions | |
21 | * are met: | 21 | * are met: | |
22 | * | 22 | * | |
@@ -1308,27 +1308,27 @@ check_vulnerable(struct pkg_task *pkg) | @@ -1308,27 +1308,27 @@ check_vulnerable(struct pkg_task *pkg) | |||
1308 | else { | 1308 | else { | |
1309 | warnx("Unknown value of the configuration variable" | 1309 | warnx("Unknown value of the configuration variable" | |
1310 | "CHECK_VULNERABILITIES"); | 1310 | "CHECK_VULNERABILITIES"); | |
1311 | return 1; | 1311 | return 1; | |
1312 | } | 1312 | } | |
1313 | 1313 | |||
1314 | if (pv == NULL) { | 1314 | if (pv == NULL) { | |
1315 | pv = read_pkg_vulnerabilities_file(pkg_vulnerabilities_file, | 1315 | pv = read_pkg_vulnerabilities_file(pkg_vulnerabilities_file, | |
1316 | require_check, 0); | 1316 | require_check, 0); | |
1317 | if (pv == NULL) | 1317 | if (pv == NULL) | |
1318 | return require_check; | 1318 | return require_check; | |
1319 | } | 1319 | } | |
1320 | 1320 | |||
1321 | if (!audit_package(pv, pkg->pkgname, NULL, 2)) | 1321 | if (!audit_package(pv, pkg->pkgname, NULL, 0, 2)) | |
1322 | return 0; | 1322 | return 0; | |
1323 | 1323 | |||
1324 | if (require_check) | 1324 | if (require_check) | |
1325 | return 1; | 1325 | return 1; | |
1326 | 1326 | |||
1327 | fprintf(stderr, "Do you want to proceed with the installation of %s" | 1327 | fprintf(stderr, "Do you want to proceed with the installation of %s" | |
1328 | " [y/n]?\n", pkg->pkgname); | 1328 | " [y/n]?\n", pkg->pkgname); | |
1329 | line = fgetln(stdin, &len); | 1329 | line = fgetln(stdin, &len); | |
1330 | if (check_input(line, len)) { | 1330 | if (check_input(line, len)) { | |
1331 | fprintf(stderr, "Cancelling installation\n"); | 1331 | fprintf(stderr, "Cancelling installation\n"); | |
1332 | return 1; | 1332 | return 1; | |
1333 | } | 1333 | } | |
1334 | return 0; | 1334 | return 0; |
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $ */ | 1 | /* $NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $"); | 10 | __RCSID("$NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | 13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * Redistribution and use in source and binary forms, with or without | 16 | * Redistribution and use in source and binary forms, with or without | |
17 | * modification, are permitted provided that the following conditions | 17 | * modification, are permitted provided that the following conditions | |
18 | * are met: | 18 | * are met: | |
19 | * | 19 | * | |
20 | * 1. Redistributions of source code must retain the above copyright | 20 | * 1. Redistributions of source code must retain the above copyright | |
21 | * notice, this list of conditions and the following disclaimer. | 21 | * notice, this list of conditions and the following disclaimer. | |
22 | * 2. Redistributions in binary form must reproduce the above copyright | 22 | * 2. Redistributions in binary form must reproduce the above copyright | |
23 | * notice, this list of conditions and the following disclaimer in | 23 | * notice, this list of conditions and the following disclaimer in | |
@@ -63,76 +63,81 @@ __RCSID("$NetBSD: audit.c,v 1.17 2011/02 | @@ -63,76 +63,81 @@ __RCSID("$NetBSD: audit.c,v 1.17 2011/02 | |||
63 | #include <string.h> | 63 | #include <string.h> | |
64 | #endif | 64 | #endif | |
65 | #ifdef NETBSD | 65 | #ifdef NETBSD | |
66 | #include <unistd.h> | 66 | #include <unistd.h> | |
67 | #else | 67 | #else | |
68 | #include <nbcompat/unistd.h> | 68 | #include <nbcompat/unistd.h> | |
69 | #endif | 69 | #endif | |
70 | 70 | |||
71 | #include <fetch.h> | 71 | #include <fetch.h> | |
72 | 72 | |||
73 | #include "admin.h" | 73 | #include "admin.h" | |
74 | #include "lib.h" | 74 | #include "lib.h" | |
75 | 75 | |||
76 | static int check_ignored_advisories = 0; | |||
76 | static int check_signature = 0; | 77 | static int check_signature = 0; | |
77 | static const char *limit_vul_types = NULL; | 78 | static const char *limit_vul_types = NULL; | |
78 | static int update_pkg_vuln = 0; | 79 | static int update_pkg_vuln = 0; | |
79 | 80 | |||
80 | static struct pkg_vulnerabilities *pv; | 81 | static struct pkg_vulnerabilities *pv; | |
81 | 82 | |||
82 | static const char audit_options[] = "est:"; | 83 | static const char audit_options[] = "eist:"; | |
83 | 84 | |||
84 | static void | 85 | static void | |
85 | parse_options(int argc, char **argv, const char *options) | 86 | parse_options(int argc, char **argv, const char *options) | |
86 | { | 87 | { | |
87 | int ch; | 88 | int ch; | |
88 | 89 | |||
89 | optreset = 1; | 90 | optreset = 1; | |
90 | /* | 91 | /* | |
91 | * optind == 0 is interpreted as partial reset request | 92 | * optind == 0 is interpreted as partial reset request | |
92 | * by GNU getopt, so compensate against this and cleanup | 93 | * by GNU getopt, so compensate against this and cleanup | |
93 | * at the end. | 94 | * at the end. | |
94 | */ | 95 | */ | |
95 | optind = 1; | 96 | optind = 1; | |
96 | ++argc; | 97 | ++argc; | |
97 | --argv; | 98 | --argv; | |
98 | 99 | |||
99 | while ((ch = getopt(argc, argv, options)) != -1) { | 100 | while ((ch = getopt(argc, argv, options)) != -1) { | |
100 | switch (ch) { | 101 | switch (ch) { | |
101 | case 'e': | 102 | case 'e': | |
102 | check_eol = "yes"; | 103 | check_eol = "yes"; | |
103 | break; | 104 | break; | |
105 | case 'i': | |||
106 | check_ignored_advisories = 1; | |||
107 | break; | |||
104 | case 's': | 108 | case 's': | |
105 | check_signature = 1; | 109 | check_signature = 1; | |
106 | break; | 110 | break; | |
107 | case 't': | 111 | case 't': | |
108 | limit_vul_types = optarg; | 112 | limit_vul_types = optarg; | |
109 | break; | 113 | break; | |
110 | case 'u': | 114 | case 'u': | |
111 | update_pkg_vuln = 1; | 115 | update_pkg_vuln = 1; | |
112 | break; | 116 | break; | |
113 | default: | 117 | default: | |
114 | usage(); | 118 | usage(); | |
115 | /* NOTREACHED */ | 119 | /* NOTREACHED */ | |
116 | } | 120 | } | |
117 | } | 121 | } | |
118 | 122 | |||
119 | --optind; /* See above comment. */ | 123 | --optind; /* See above comment. */ | |
120 | } | 124 | } | |
121 | 125 | |||
122 | static int | 126 | static int | |
123 | check_exact_pkg(const char *pkg) | 127 | check_exact_pkg(const char *pkg) | |
124 | { | 128 | { | |
125 | return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1); | 129 | return audit_package(pv, pkg, limit_vul_types, | |
130 | check_ignored_advisories, quiet ? 0 : 1); | |||
126 | } | 131 | } | |
127 | 132 | |||
128 | static int | 133 | static int | |
129 | check_batch_exact_pkgs(const char *fname) | 134 | check_batch_exact_pkgs(const char *fname) | |
130 | { | 135 | { | |
131 | FILE *f; | 136 | FILE *f; | |
132 | char buf[4096], *line, *eol; | 137 | char buf[4096], *line, *eol; | |
133 | int ret; | 138 | int ret; | |
134 | 139 | |||
135 | ret = 0; | 140 | ret = 0; | |
136 | if (strcmp(fname, "-") == 0) | 141 | if (strcmp(fname, "-") == 0) | |
137 | f = stdin; | 142 | f = stdin; | |
138 | else { | 143 | else { |
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $ */ | 1 | /* $NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $"); | 10 | __RCSID("$NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 1999-2009 The NetBSD Foundation, Inc. | 13 | * Copyright (c) 1999-2009 The NetBSD Foundation, Inc. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * This code is derived from software contributed to The NetBSD Foundation | 16 | * This code is derived from software contributed to The NetBSD Foundation | |
17 | * by Hubert Feyrer <hubert@feyrer.de> and | 17 | * by Hubert Feyrer <hubert@feyrer.de> and | |
18 | * by Joerg Sonnenberger <joerg@NetBSD.org>. | 18 | * by Joerg Sonnenberger <joerg@NetBSD.org>. | |
19 | * | 19 | * | |
20 | * Redistribution and use in source and binary forms, with or without | 20 | * Redistribution and use in source and binary forms, with or without | |
21 | * modification, are permitted provided that the following conditions | 21 | * modification, are permitted provided that the following conditions | |
22 | * are met: | 22 | * are met: | |
23 | * 1. Redistributions of source code must retain the above copyright | 23 | * 1. Redistributions of source code must retain the above copyright | |
@@ -102,29 +102,29 @@ usage(void) | @@ -102,29 +102,29 @@ usage(void) | |||
102 | "Where 'commands' and 'args' are:\n" | 102 | "Where 'commands' and 'args' are:\n" | |
103 | " rebuild - rebuild pkgdb from +CONTENTS files\n" | 103 | " rebuild - rebuild pkgdb from +CONTENTS files\n" | |
104 | " rebuild-tree - rebuild +REQUIRED_BY files from forward deps\n" | 104 | " rebuild-tree - rebuild +REQUIRED_BY files from forward deps\n" | |
105 | " check [pkg ...] - check md5 checksum of installed files\n" | 105 | " check [pkg ...] - check md5 checksum of installed files\n" | |
106 | " add pkg ... - add pkg files to database\n" | 106 | " add pkg ... - add pkg files to database\n" | |
107 | " set variable=value pkg ... - set installation variable for package\n" | 107 | " set variable=value pkg ... - set installation variable for package\n" | |
108 | " unset variable pkg ... - unset installation variable for package\n" | 108 | " unset variable pkg ... - unset installation variable for package\n" | |
109 | " lsall /path/to/pkgpattern - list all pkgs matching the pattern\n" | 109 | " lsall /path/to/pkgpattern - list all pkgs matching the pattern\n" | |
110 | " lsbest /path/to/pkgpattern - list pkgs matching the pattern best\n" | 110 | " lsbest /path/to/pkgpattern - list pkgs matching the pattern best\n" | |
111 | " dump - dump database\n" | 111 | " dump - dump database\n" | |
112 | " pmatch pattern pkg - returns true if pkg matches pattern, otherwise false\n" | 112 | " pmatch pattern pkg - returns true if pkg matches pattern, otherwise false\n" | |
113 | " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n" | 113 | " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n" | |
114 | " check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n" | 114 | " check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n" | |
115 | " audit [-es] [-t type] ... - check installed packages for vulnerabilities\n" | 115 | " audit [-eis] [-t type] ... - check installed packages for vulnerabilities\n" | |
116 | " audit-pkg [-es] [-t type] ... - check listed packages for vulnerabilities\n" | 116 | " audit-pkg [-eis] [-t type] ... - check listed packages for vulnerabilities\n" | |
117 | " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n" | 117 | " audit-batch [-eis] [-t type] ... - check packages in listed files for vulnerabilities\n" | |
118 | " audit-history [-t type] ... - print all advisories for package names\n" | 118 | " audit-history [-t type] ... - print all advisories for package names\n" | |
119 | " check-license <condition> - check if condition is acceptable\n" | 119 | " check-license <condition> - check if condition is acceptable\n" | |
120 | " check-single-license <license> - check if license is acceptable\n" | 120 | " check-single-license <license> - check if license is acceptable\n" | |
121 | " config-var name - print current value of the configuration variable\n" | 121 | " config-var name - print current value of the configuration variable\n" | |
122 | " check-signature ... - verify the signature of packages\n" | 122 | " check-signature ... - verify the signature of packages\n" | |
123 | " x509-sign-package pkg spkg key cert - create X509 signature\n" | 123 | " x509-sign-package pkg spkg key cert - create X509 signature\n" | |
124 | " gpg-sign-package pkg spkg - create GPG signature\n", | 124 | " gpg-sign-package pkg spkg - create GPG signature\n", | |
125 | getprogname()); | 125 | getprogname()); | |
126 | exit(EXIT_FAILURE); | 126 | exit(EXIT_FAILURE); | |
127 | } | 127 | } | |
128 | 128 | |||
129 | /* | 129 | /* | |
130 | * add1pkg(<pkg>) | 130 | * add1pkg(<pkg>) |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | .\" $NetBSD: pkg_admin.1,v 1.34 2014/12/30 15:13:20 wiz Exp $ | 1 | .\" $NetBSD: pkg_admin.1,v 1.35 2018/02/26 23:45:02 ginsbach Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc. | 3 | .\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc. | |
4 | .\" All rights reserved. | 4 | .\" All rights reserved. | |
5 | .\" | 5 | .\" | |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | 6 | .\" This code is derived from software contributed to The NetBSD Foundation | |
7 | .\" by Hubert Feyrer <hubert@feyrer.de>. | 7 | .\" by Hubert Feyrer <hubert@feyrer.de>. | |
8 | .\" | 8 | .\" | |
9 | .\" Redistribution and use in source and binary forms, with or without | 9 | .\" Redistribution and use in source and binary forms, with or without | |
10 | .\" modification, are permitted provided that the following conditions | 10 | .\" modification, are permitted provided that the following conditions | |
11 | .\" are met: | 11 | .\" are met: | |
12 | .\" 1. Redistributions of source code must retain the above copyright | 12 | .\" 1. Redistributions of source code must retain the above copyright | |
13 | .\" notice, this list of conditions and the following disclaimer. | 13 | .\" notice, this list of conditions and the following disclaimer. | |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
@@ -24,27 +24,27 @@ | @@ -24,27 +24,27 @@ | |||
24 | .\" | 24 | .\" | |
25 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | 25 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | |
26 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | 26 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
27 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 27 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
28 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | 28 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | |
29 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | 29 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
30 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 30 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
31 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 31 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
32 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 32 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
33 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 33 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
34 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 34 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
35 | .\" POSSIBILITY OF SUCH DAMAGE. | 35 | .\" POSSIBILITY OF SUCH DAMAGE. | |
36 | .\" | 36 | .\" | |
37 | .Dd December 27, 2014 | 37 | .Dd February 25, 2018 | |
38 | .Dt PKG_ADMIN 1 | 38 | .Dt PKG_ADMIN 1 | |
39 | .Os | 39 | .Os | |
40 | .Sh NAME | 40 | .Sh NAME | |
41 | .Nm pkg_admin | 41 | .Nm pkg_admin | |
42 | .Nd perform various administrative tasks to the pkg system | 42 | .Nd perform various administrative tasks to the pkg system | |
43 | .Sh SYNOPSIS | 43 | .Sh SYNOPSIS | |
44 | .Nm | 44 | .Nm | |
45 | .Op Fl bqSVv | 45 | .Op Fl bqSVv | |
46 | .Op Fl C Ar config | 46 | .Op Fl C Ar config | |
47 | .Op Fl d Ar lsdir | 47 | .Op Fl d Ar lsdir | |
48 | .Op Fl K Ar pkg_dbdir | 48 | .Op Fl K Ar pkg_dbdir | |
49 | .Op Fl s Ar sfx_pattern | 49 | .Op Fl s Ar sfx_pattern | |
50 | .Ar command Op args ... | 50 | .Ar command Op args ... | |
@@ -96,48 +96,57 @@ Set the shell glob pattern for package s | @@ -96,48 +96,57 @@ Set the shell glob pattern for package s | |||
96 | names for | 96 | names for | |
97 | .Cm lsall | 97 | .Cm lsall | |
98 | and | 98 | and | |
99 | .Cm lsbest . | 99 | .Cm lsbest . | |
100 | The default pattern is ".t[bg]z". | 100 | The default pattern is ".t[bg]z". | |
101 | .It Fl V | 101 | .It Fl V | |
102 | Print version number and exit. | 102 | Print version number and exit. | |
103 | .It Fl v | 103 | .It Fl v | |
104 | Be more verbose. | 104 | Be more verbose. | |
105 | .El | 105 | .El | |
106 | .Pp | 106 | .Pp | |
107 | The following commands are supported: | 107 | The following commands are supported: | |
108 | .Bl -tag -width indent | 108 | .Bl -tag -width indent | |
109 | .It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... | 109 | .It Cm audit Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... | |
110 | Check the listed installed packages for vulnerabilities. | 110 | Check the listed installed packages for vulnerabilities. | |
111 | If no package is given, check all installed packages. | 111 | If no package is given, check all installed packages. | |
112 | If | 112 | If | |
113 | .Fl e | 113 | .Fl e | |
114 | is given, override the | 114 | is given, override the | |
115 | .Dv CHECK_END_OF_LIFE | 115 | .Dv CHECK_END_OF_LIFE | |
116 | option from | 116 | option from | |
117 | .Xr pkg_install.conf 5 | 117 | .Xr pkg_install.conf 5 | |
118 | with | 118 | with | |
119 | .Qq Li yes . | 119 | .Qq Li yes . | |
120 | If | 120 | If | |
121 | .Fl i | |||
122 | is given, | |||
123 | any advisory ignored by | |||
124 | .Dv IGNORE_URL | |||
125 | in | |||
126 | .Xr pkg_install.conf 5 | |||
127 | is included but flagged as | |||
128 | .Qq ignored . | |||
129 | If | |||
121 | .Fl s | 130 | .Fl s | |
122 | is given, check the signature of the pkg-vulnerabilities file before using it. | 131 | is given, check the signature of the pkg-vulnerabilities file before using it. | |
123 | .Fl t | 132 | .Fl t | |
124 | restricts the reported vulnerabilities to type | 133 | restricts the reported vulnerabilities to type | |
125 | .Ar type . | 134 | .Ar type . | |
126 | .It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... | 135 | .It Cm audit-pkg Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... | |
127 | Like | 136 | Like | |
128 | .Cm audit , | 137 | .Cm audit , | |
129 | but check only the given package names or patterns. | 138 | but check only the given package names or patterns. | |
130 | .It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ... | 139 | .It Cm audit-batch Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ... | |
131 | Like | 140 | Like | |
132 | .Cm audit-pkg , | 141 | .Cm audit-pkg , | |
133 | but read the package names or patterns one per line from the given files. | 142 | but read the package names or patterns one per line from the given files. | |
134 | .It Cm audit-history Oo Fl s Oc Oo Fl t Ar type Oc Oo Ar pkgbase Oc ... | 143 | .It Cm audit-history Oo Fl s Oc Oo Fl t Ar type Oc Oo Ar pkgbase Oc ... | |
135 | Print all vulnerabilities for the given base package names. | 144 | Print all vulnerabilities for the given base package names. | |
136 | .It Cm check Op Ar pkg ... | 145 | .It Cm check Op Ar pkg ... | |
137 | Use this command to check the files belonging to some or all of the | 146 | Use this command to check the files belonging to some or all of the | |
138 | packages installed on the local machine against the checksum | 147 | packages installed on the local machine against the checksum | |
139 | which was recorded in the | 148 | which was recorded in the | |
140 | .Pa +CONTENTS | 149 | .Pa +CONTENTS | |
141 | files at package installation time. | 150 | files at package installation time. | |
142 | Symbolic links also have their integrity checked against the recorded | 151 | Symbolic links also have their integrity checked against the recorded | |
143 | value at package installation time. | 152 | value at package installation time. |
@@ -37,38 +37,40 @@ OOPPTTIIOONNSS | @@ -37,38 +37,40 @@ OOPPTTIIOONNSS | |||
37 | package names for llssaallll and llssbbeesstt to be the null suffix. | 37 | package names for llssaallll and llssbbeesstt to be the null suffix. | |
38 | 38 | |||
39 | --ss _s_f_x___p_a_t_t_e_r_n | 39 | --ss _s_f_x___p_a_t_t_e_r_n | |
40 | Set the shell glob pattern for package suffixes when matching | 40 | Set the shell glob pattern for package suffixes when matching | |
41 | package names for llssaallll and llssbbeesstt. The default pattern is | 41 | package names for llssaallll and llssbbeesstt. The default pattern is | |
42 | ".t[bg]z". | 42 | ".t[bg]z". | |
43 | 43 | |||
44 | --VV Print version number and exit. | 44 | --VV Print version number and exit. | |
45 | 45 | |||
46 | --vv Be more verbose. | 46 | --vv Be more verbose. | |
47 | 47 | |||
48 | The following commands are supported: | 48 | The following commands are supported: | |
49 | 49 | |||
50 | aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ... | 50 | aauuddiitt [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ... | |
51 | Check the listed installed packages for vulnerabilities. If no | 51 | Check the listed installed packages for vulnerabilities. If no | |
52 | package is given, check all installed packages. If --ee is given, | 52 | package is given, check all installed packages. If --ee is given, | |
53 | override the CHECK_END_OF_LIFE option from pkg_install.conf(5) | 53 | override the CHECK_END_OF_LIFE option from pkg_install.conf(5) | |
54 | with "yes". If --ss is given, check the signature of the pkg- | 54 | with "yes". If --ii is given, any advisory ignored by IGNORE_URL | |
55 | vulnerabilities file before using it. --tt restricts the reported | 55 | in pkg_install.conf(5) is included but flagged as "ignored". If | |
56 | vulnerabilities to type _t_y_p_e. | 56 | --ss is given, check the signature of the pkg-vulnerabilities file | |
57 | before using it. --tt restricts the reported vulnerabilities to | |||
58 | type _t_y_p_e. | |||
57 | 59 | |||
58 | aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ... | 60 | aauuddiitt--ppkkgg [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ... | |
59 | Like aauuddiitt, but check only the given package names or patterns. | 61 | Like aauuddiitt, but check only the given package names or patterns. | |
60 | 62 | |||
61 | aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ... | 63 | aauuddiitt--bbaattcchh [--eeiiss] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ... | |
62 | Like aauuddiitt--ppkkgg, but read the package names or patterns one per | 64 | Like aauuddiitt--ppkkgg, but read the package names or patterns one per | |
63 | line from the given files. | 65 | line from the given files. | |
64 | 66 | |||
65 | aauuddiitt--hhiissttoorryy [--ss] [--tt _t_y_p_e] [_p_k_g_b_a_s_e] ... | 67 | aauuddiitt--hhiissttoorryy [--ss] [--tt _t_y_p_e] [_p_k_g_b_a_s_e] ... | |
66 | Print all vulnerabilities for the given base package names. | 68 | Print all vulnerabilities for the given base package names. | |
67 | 69 | |||
68 | cchheecckk [_p_k_g _._._.] | 70 | cchheecckk [_p_k_g _._._.] | |
69 | Use this command to check the files belonging to some or all of | 71 | Use this command to check the files belonging to some or all of | |
70 | the packages installed on the local machine against the checksum | 72 | the packages installed on the local machine against the checksum | |
71 | which was recorded in the _+_C_O_N_T_E_N_T_S files at package installation | 73 | which was recorded in the _+_C_O_N_T_E_N_T_S files at package installation | |
72 | time. Symbolic links also have their integrity checked against | 74 | time. Symbolic links also have their integrity checked against | |
73 | the recorded value at package installation time. If no | 75 | the recorded value at package installation time. If no | |
74 | additional argument is given, the files of all installed packages | 76 | additional argument is given, the files of all installed packages | |
@@ -194,14 +196,14 @@ FFIILLEESS | @@ -194,14 +196,14 @@ FFIILLEESS | |||
194 | _/_v_a_r_/_d_b_/_p_k_g_/_p_k_g_d_b_._b_y_f_i_l_e_._d_b | 196 | _/_v_a_r_/_d_b_/_p_k_g_/_p_k_g_d_b_._b_y_f_i_l_e_._d_b | |
195 | _/_v_a_r_/_d_b_/_p_k_g_/_<_p_k_g_>_/_+_C_O_N_T_E_N_T_S | 197 | _/_v_a_r_/_d_b_/_p_k_g_/_<_p_k_g_>_/_+_C_O_N_T_E_N_T_S | |
196 | 198 | |||
197 | SSEEEE AALLSSOO | 199 | SSEEEE AALLSSOO | |
198 | pkg_add(1), pkg_create(1), pkg_delete(1), pkg_info(1), | 200 | pkg_add(1), pkg_create(1), pkg_delete(1), pkg_info(1), | |
199 | pkg_install.conf(5), pkgsrc(7) | 201 | pkg_install.conf(5), pkgsrc(7) | |
200 | 202 | |||
201 | HHIISSTTOORRYY | 203 | HHIISSTTOORRYY | |
202 | The ppkkgg__aaddmmiinn command first appeared in NetBSD 1.4. | 204 | The ppkkgg__aaddmmiinn command first appeared in NetBSD 1.4. | |
203 | 205 | |||
204 | AAUUTTHHOORRSS | 206 | AAUUTTHHOORRSS | |
205 | The ppkkgg__aaddmmiinn command was written by Hubert Feyrer. | 207 | The ppkkgg__aaddmmiinn command was written by Hubert Feyrer. | |
206 | 208 | |||
207 | pkgsrc December 27, 2014 pkgsrc | 209 | pkgsrc February 25, 2018 pkgsrc |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: lib.h,v 1.68 2017/04/19 21:42:50 joerg Exp $ */ | 1 | /* $NetBSD: lib.h,v 1.69 2018/02/26 23:45:02 ginsbach Exp $ */ | |
2 | 2 | |||
3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | 3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | |
4 | 4 | |||
5 | /* | 5 | /* | |
6 | * FreeBSD install - a package for the installation and maintainance | 6 | * FreeBSD install - a package for the installation and maintainance | |
7 | * of non-core utilities. | 7 | * of non-core utilities. | |
8 | * | 8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | 11 | * are met: | |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | 14 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -364,27 +364,27 @@ char *pkgdb_pkg_dir(const char *); | @@ -364,27 +364,27 @@ char *pkgdb_pkg_dir(const char *); | |||
364 | char *pkgdb_pkg_file(const char *, const char *); | 364 | char *pkgdb_pkg_file(const char *, const char *); | |
365 | 365 | |||
366 | /* List of packages functions */ | 366 | /* List of packages functions */ | |
367 | lpkg_t *alloc_lpkg(const char *); | 367 | lpkg_t *alloc_lpkg(const char *); | |
368 | lpkg_t *find_on_queue(lpkg_head_t *, const char *); | 368 | lpkg_t *find_on_queue(lpkg_head_t *, const char *); | |
369 | void free_lpkg(lpkg_t *); | 369 | void free_lpkg(lpkg_t *); | |
370 | 370 | |||
371 | /* Read pkg_vulnerabilities from file */ | 371 | /* Read pkg_vulnerabilities from file */ | |
372 | struct pkg_vulnerabilities *read_pkg_vulnerabilities_file(const char *, int, int); | 372 | struct pkg_vulnerabilities *read_pkg_vulnerabilities_file(const char *, int, int); | |
373 | /* Read pkg_vulnerabilities from memory */ | 373 | /* Read pkg_vulnerabilities from memory */ | |
374 | struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int); | 374 | struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int); | |
375 | void free_pkg_vulnerabilities(struct pkg_vulnerabilities *); | 375 | void free_pkg_vulnerabilities(struct pkg_vulnerabilities *); | |
376 | int audit_package(struct pkg_vulnerabilities *, const char *, const char *, | 376 | int audit_package(struct pkg_vulnerabilities *, const char *, const char *, | |
377 | int); | 377 | int, int); | |
378 | 378 | |||
379 | /* Parse configuration file */ | 379 | /* Parse configuration file */ | |
380 | void pkg_install_config(void); | 380 | void pkg_install_config(void); | |
381 | /* Print configuration variable */ | 381 | /* Print configuration variable */ | |
382 | void pkg_install_show_variable(const char *); | 382 | void pkg_install_show_variable(const char *); | |
383 | 383 | |||
384 | /* Package signature creation and validation */ | 384 | /* Package signature creation and validation */ | |
385 | int pkg_verify_signature(const char *, struct archive **, struct archive_entry **, char **); | 385 | int pkg_verify_signature(const char *, struct archive **, struct archive_entry **, char **); | |
386 | int pkg_full_signature_check(const char *, struct archive **); | 386 | int pkg_full_signature_check(const char *, struct archive **); | |
387 | #ifdef HAVE_SSL | 387 | #ifdef HAVE_SSL | |
388 | void pkg_sign_x509(const char *, const char *, const char *, const char *); | 388 | void pkg_sign_x509(const char *, const char *, const char *, const char *); | |
389 | #endif | 389 | #endif | |
390 | 390 |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: version.h,v 1.172 2017/10/30 12:03:50 jperkin Exp $ */ | 1 | /* $NetBSD: version.h,v 1.173 2018/02/26 23:45:02 ginsbach Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (c) 2001 Thomas Klausner. All rights reserved. | 4 | * Copyright (c) 2001 Thomas Klausner. All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * | 14 | * | |
@@ -17,16 +17,16 @@ | @@ -17,16 +17,16 @@ | |||
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
25 | */ | 25 | */ | |
26 | 26 | |||
27 | #ifndef _INST_LIB_VERSION_H_ | 27 | #ifndef _INST_LIB_VERSION_H_ | |
28 | #define _INST_LIB_VERSION_H_ | 28 | #define _INST_LIB_VERSION_H_ | |
29 | 29 | |||
30 | #define PKGTOOLS_VERSION 20171030 | 30 | #define PKGTOOLS_VERSION 20180226 | |
31 | 31 | |||
32 | #endif /* _INST_LIB_VERSION_H_ */ | 32 | #endif /* _INST_LIB_VERSION_H_ */ |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $ */ | 1 | /* $NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>. | 4 | * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * | 10 | * | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in | 14 | * notice, this list of conditions and the following disclaimer in | |
@@ -28,27 +28,27 @@ | @@ -28,27 +28,27 @@ | |||
28 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 28 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
29 | * SUCH DAMAGE. | 29 | * SUCH DAMAGE. | |
30 | */ | 30 | */ | |
31 | 31 | |||
32 | #if HAVE_CONFIG_H | 32 | #if HAVE_CONFIG_H | |
33 | #include "config.h" | 33 | #include "config.h" | |
34 | #endif | 34 | #endif | |
35 | 35 | |||
36 | #include <nbcompat.h> | 36 | #include <nbcompat.h> | |
37 | 37 | |||
38 | #if HAVE_SYS_CDEFS_H | 38 | #if HAVE_SYS_CDEFS_H | |
39 | #include <sys/cdefs.h> | 39 | #include <sys/cdefs.h> | |
40 | #endif | 40 | #endif | |
41 | __RCSID("$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $"); | 41 | __RCSID("$NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $"); | |
42 | 42 | |||
43 | #if HAVE_SYS_STAT_H | 43 | #if HAVE_SYS_STAT_H | |
44 | #include <sys/stat.h> | 44 | #include <sys/stat.h> | |
45 | #endif | 45 | #endif | |
46 | #if HAVE_SYS_WAIT_H | 46 | #if HAVE_SYS_WAIT_H | |
47 | #include <sys/wait.h> | 47 | #include <sys/wait.h> | |
48 | #endif | 48 | #endif | |
49 | #ifndef BOOTSTRAP | 49 | #ifndef BOOTSTRAP | |
50 | #include <archive.h> | 50 | #include <archive.h> | |
51 | #endif | 51 | #endif | |
52 | #include <ctype.h> | 52 | #include <ctype.h> | |
53 | #if HAVE_ERR_H | 53 | #if HAVE_ERR_H | |
54 | #include <err.h> | 54 | #include <err.h> | |
@@ -598,56 +598,59 @@ check_ignored_entry(struct pkg_vulnerabi | @@ -598,56 +598,59 @@ check_ignored_entry(struct pkg_vulnerabi | |||
598 | entry_len = next - iter; | 598 | entry_len = next - iter; | |
599 | ++next; | 599 | ++next; | |
600 | } | 600 | } | |
601 | if (url_len != entry_len) | 601 | if (url_len != entry_len) | |
602 | continue; | 602 | continue; | |
603 | if (strncmp(pv->advisory[i], iter, entry_len) == 0) | 603 | if (strncmp(pv->advisory[i], iter, entry_len) == 0) | |
604 | return 1; | 604 | return 1; | |
605 | } | 605 | } | |
606 | return 0; | 606 | return 0; | |
607 | } | 607 | } | |
608 | 608 | |||
609 | int | 609 | int | |
610 | audit_package(struct pkg_vulnerabilities *pv, const char *pkgname, | 610 | audit_package(struct pkg_vulnerabilities *pv, const char *pkgname, | |
611 | const char *limit_vul_types, int output_type) | 611 | const char *limit_vul_types, int include_ignored, int output_type) | |
612 | { | 612 | { | |
613 | FILE *output = output_type == 1 ? stdout : stderr; | 613 | FILE *output = output_type == 1 ? stdout : stderr; | |
614 | size_t i; | 614 | size_t i; | |
615 | int retval, do_eol; | 615 | int retval, do_eol, ignored; | |
616 | 616 | |||
617 | retval = 0; | 617 | retval = 0; | |
618 | 618 | |||
619 | do_eol = (strcasecmp(check_eol, "yes") == 0); | 619 | do_eol = (strcasecmp(check_eol, "yes") == 0); | |
620 | 620 | |||
621 | for (i = 0; i < pv->entries; ++i) { | 621 | for (i = 0; i < pv->entries; ++i) { | |
622 | if (check_ignored_entry(pv, i)) | 622 | ignored = check_ignored_entry(pv, i); | |
623 | if (ignored && !include_ignored) | |||
623 | continue; | 624 | continue; | |
624 | if (limit_vul_types != NULL && | 625 | if (limit_vul_types != NULL && | |
625 | strcmp(limit_vul_types, pv->classification[i])) | 626 | strcmp(limit_vul_types, pv->classification[i])) | |
626 | continue; | 627 | continue; | |
627 | if (!pkg_match(pv->vulnerability[i], pkgname)) | 628 | if (!pkg_match(pv->vulnerability[i], pkgname)) | |
628 | continue; | 629 | continue; | |
629 | if (strcmp("eol", pv->classification[i]) == 0) { | 630 | if (strcmp("eol", pv->classification[i]) == 0) { | |
630 | if (!do_eol) | 631 | if (!do_eol) | |
631 | continue; | 632 | continue; | |
632 | retval = 1; | 633 | retval = 1; | |
633 | if (output_type == 0) { | 634 | if (output_type == 0) { | |
634 | puts(pkgname); | 635 | puts(pkgname); | |
635 | continue; | 636 | continue; | |
636 | } | 637 | } | |
637 | fprintf(output, | 638 | fprintf(output, | |
638 | "Package %s has reached end-of-life (eol), " | 639 | "Package %s has reached end-of-life (eol), " | |
639 | "see %s/eol-packages\n", pkgname, | 640 | "see %s/eol-packages\n", pkgname, | |
640 | tnf_vulnerability_base); | 641 | tnf_vulnerability_base); | |
641 | continue; | 642 | continue; | |
642 | } | 643 | } | |
643 | retval = 1; | 644 | retval = 1; | |
644 | if (output_type == 0) { | 645 | if (output_type == 0) { | |
645 | puts(pkgname); | 646 | fprintf(stdout, "%s%s\n", | |
647 | pkgname, ignored ? " (ignored)" : ""); | |||
646 | } else { | 648 | } else { | |
647 | fprintf(output, | 649 | fprintf(output, | |
648 | "Package %s has a %s vulnerability, see %s\n", | 650 | "Package %s has a%s %s vulnerability, see %s\n", | |
649 | pkgname, pv->classification[i], pv->advisory[i]); | 651 | pkgname, ignored ? "n ignored" : "", | |
652 | pv->classification[i], pv->advisory[i]); | |||
650 | } | 653 | } | |
651 | } | 654 | } | |
652 | return retval; | 655 | return retval; | |
653 | } | 656 | } |