 @@ -1,22 +1,22 @@
-/*	$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $	*/
+/*	$NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.110 2018/02/26 23:45:01 ginsbach Exp $");
 /*-
  * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org>
  * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org>
  * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org>
  * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org>
  * Copyright (c) 2010 Thomas Klausner <wiz@NetBSD.org>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
 @@ -1308,27 +1308,27 @@ check_vulnerable(struct pkg_task *pkg)
 	else {
 		warnx("Unknown value of the configuration variable"
 		    "CHECK_VULNERABILITIES");
 		return 1;
+	}
 	if (pv == NULL) {
 		pv = read_pkg_vulnerabilities_file(pkg_vulnerabilities_file,
 		    require_check, 0);
 		if (pv == NULL)
 			return require_check;
+	}
-	if (!audit_package(pv, pkg->pkgname, NULL, 2))
+	if (!audit_package(pv, pkg->pkgname, NULL, 0, 2))
 		return 0;
 	if (require_check)
 		return 1;
 	fprintf(stderr, "Do you want to proceed with the installation of %s"
 	    " [y/n]?\n", pkg->pkgname);
 	line = fgetln(stdin, &len);
 	if (check_input(line, len)) {
 		fprintf(stderr, "Cancelling installation\n");
 		return 1;
+	}
 	return 0;

 @@ -1,23 +1,23 @@
-/*	$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $	*/
+/*	$NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $");
+__RCSID("$NetBSD: audit.c,v 1.18 2018/02/26 23:45:02 ginsbach Exp $");
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
 @@ -63,76 +63,81 @@ __RCSID("$NetBSD: audit.c,v 1.17 2011/02
 #include <string.h>
 #endif
 #ifdef NETBSD
 #include <unistd.h>
 #else
 #include <nbcompat/unistd.h>
 #endif
 #include <fetch.h>
 #include "admin.h"
 #include "lib.h"
 static int check_ignored_advisories = 0;
 static int check_signature = 0;
 static const char *limit_vul_types = NULL;
 static int update_pkg_vuln = 0;
 static struct pkg_vulnerabilities *pv;
-static const char audit_options[] = "est:";
+static const char audit_options[] = "eist:";
 static void
 parse_options(int argc, char **argv, const char *options)
+{
 	int ch;
 	optreset = 1;
 	/*
 	 * optind == 0 is interpreted as partial reset request
 	 * by GNU getopt, so compensate against this and cleanup
 	 * at the end.
 	 */
 	optind = 1;
 	++argc;
 	--argv;
 	while ((ch = getopt(argc, argv, options)) != -1) {
 		switch (ch) {
 		case 'e':
 			check_eol = "yes";
 			break;
 		case 'i':
 			check_ignored_advisories = 1;
 			break;
 		case 's':
 			check_signature = 1;
 			break;
 		case 't':
 			limit_vul_types = optarg;
 			break;
 		case 'u':
 			update_pkg_vuln = 1;
 			break;
 		default:
 			usage();
 			/* NOTREACHED */
+		}
+	}
 	--optind; /* See above comment. */
+}
 static int
 check_exact_pkg(const char *pkg)
+{
-	return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1);
+	return audit_package(pv, pkg, limit_vul_types,
 			     check_ignored_advisories, quiet ? 0 : 1);
+}
 static int
 check_batch_exact_pkgs(const char *fname)
+{
 	FILE *f;
 	char buf[4096], *line, *eol;
 	int ret;
 	ret = 0;
 	if (strcmp(fname, "-") == 0)
 		f = stdin;
 	else {

 @@ -1,23 +1,23 @@
-/*	$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $	*/
+/*	$NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.66 2018/02/26 23:45:02 ginsbach Exp $");
 /*-
  * Copyright (c) 1999-2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Hubert Feyrer <hubert@feyrer.de> and
  * by Joerg Sonnenberger <joerg@NetBSD.org>.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
 @@ -102,29 +102,29 @@ usage(void)
 	    "Where 'commands' and 'args' are:\n"
 	    " rebuild                     - rebuild pkgdb from +CONTENTS files\n"
 	    " rebuild-tree                - rebuild +REQUIRED_BY files from forward deps\n"
 	    " check [pkg ...]             - check md5 checksum of installed files\n"
 	    " add pkg ...                 - add pkg files to database\n"
 	    " set variable=value pkg ...  - set installation variable for package\n"
 	    " unset variable pkg ...      - unset installation variable for package\n"
 	    " lsall /path/to/pkgpattern   - list all pkgs matching the pattern\n"
 	    " lsbest /path/to/pkgpattern  - list pkgs matching the pattern best\n"
 	    " dump                        - dump database\n"
 	    " pmatch pattern pkg          - returns true if pkg matches pattern, otherwise false\n"
 	    " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n"
 	    " check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n"
-	    " audit [-es] [-t type] ...       - check installed packages for vulnerabilities\n"
+	    " audit [-eis] [-t type] ...       - check installed packages for vulnerabilities\n"
-	    " audit-pkg [-es] [-t type] ...   - check listed packages for vulnerabilities\n"
+	    " audit-pkg [-eis] [-t type] ...   - check listed packages for vulnerabilities\n"
-	    " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n"
+	    " audit-batch [-eis] [-t type] ... - check packages in listed files for vulnerabilities\n"
 	    " audit-history [-t type] ...     - print all advisories for package names\n"
 	    " check-license <condition>       - check if condition is acceptable\n"
 	    " check-single-license <license>  - check if license is acceptable\n"
 	    " config-var name                 - print current value of the configuration variable\n"
 	    " check-signature ...             - verify the signature of packages\n"
 	    " x509-sign-package pkg spkg key cert  - create X509 signature\n"
 	    " gpg-sign-package pkg spkg       - create GPG signature\n",
 	    getprogname());
 	exit(EXIT_FAILURE);
+}
 /*
  * add1pkg(<pkg>)

 @@ -1,14 +1,14 @@
-.\"	$NetBSD: pkg_admin.1,v 1.34 2014/12/30 15:13:20 wiz Exp $
+.\"	$NetBSD: pkg_admin.1,v 1.35 2018/02/26 23:45:02 ginsbach Exp $
 .\"
 .\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This code is derived from software contributed to The NetBSD Foundation
 .\" by Hubert Feyrer <hubert@feyrer.de>.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 @@ -24,27 +24,27 @@
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 .\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd December 27, 2014
+.Dd February 25, 2018
 .Dt PKG_ADMIN 1
 .Os
 .Sh NAME
 .Nm pkg_admin
 .Nd perform various administrative tasks to the pkg system
 .Sh SYNOPSIS
 .Nm
 .Op Fl bqSVv
 .Op Fl C Ar config
 .Op Fl d Ar lsdir
 .Op Fl K Ar pkg_dbdir
 .Op Fl s Ar sfx_pattern
 .Ar command Op args ...
 @@ -96,48 +96,57 @@ Set the shell glob pattern for package s
 names for
 .Cm lsall
 and
 .Cm lsbest .
 The default pattern is ".t[bg]z".
 .It Fl V
 Print version number and exit.
 .It Fl v
 Be more verbose.
 .El
 .Pp
 The following commands are supported:
 .Bl -tag -width indent
-.It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+.It Cm audit Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
 Check the listed installed packages for vulnerabilities.
 If no package is given, check all installed packages.
 If
 .Fl e
 is given, override the
 .Dv CHECK_END_OF_LIFE
 option from
 .Xr pkg_install.conf 5
 with
 .Qq Li yes .
 If
 .Fl i
 is given,
 any advisory ignored by
 .Dv IGNORE_URL
 in
 .Xr pkg_install.conf 5
 is included but flagged as
 .Qq ignored .
 If
 .Fl s
 is given, check the signature of the pkg-vulnerabilities file before using it.
 .Fl t
 restricts the reported vulnerabilities to type
 .Ar type .
-.It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
+.It Cm audit-pkg Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
 Like
 .Cm audit ,
 but check only the given package names or patterns.
-.It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
+.It Cm audit-batch Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
 Like
 .Cm audit-pkg ,
 but read the package names or patterns one per line from the given files.
 .It Cm audit-history Oo Fl s Oc Oo Fl t Ar type Oc Oo Ar pkgbase Oc ...
 Print all vulnerabilities for the given base package names.
 .It Cm check Op Ar pkg ...
 Use this command to check the files belonging to some or all of the
 packages installed on the local machine against the checksum
 which was recorded in the
 .Pa +CONTENTS
 files at package installation time.
 Symbolic links also have their integrity checked against the recorded
 value at package installation time.

 @@ -37,38 +37,40 @@ OOPPTTIIOONNSS
              package names for llssaallll and llssbbeesstt to be the null suffix.
      --ss _s_f_x___p_a_t_t_e_r_n
              Set the shell glob pattern for package suffixes when matching
              package names for llssaallll and llssbbeesstt.  The default pattern is
              ".t[bg]z".
      --VV      Print version number and exit.
      --vv      Be more verbose.
      The following commands are supported:
-     aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ...
+     aauuddiitt [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ...
              Check the listed installed packages for vulnerabilities.  If no
              package is given, check all installed packages.  If --ee is given,
              override the CHECK_END_OF_LIFE option from pkg_install.conf(5)
-             with "yes".  If --ss is given, check the signature of the pkg-
+             with "yes".  If --ii is given, any advisory ignored by IGNORE_URL
-             vulnerabilities file before using it.  --tt restricts the reported
+             in pkg_install.conf(5) is included but flagged as "ignored".  If
-             vulnerabilities to type _t_y_p_e.
+             --ss is given, check the signature of the pkg-vulnerabilities file
              before using it.  --tt restricts the reported vulnerabilities to
              type _t_y_p_e.
-     aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ...
+     aauuddiitt--ppkkgg [--eeiiss] [--tt _t_y_p_e] [_p_k_g] ...
              Like aauuddiitt, but check only the given package names or patterns.
-     aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ...
+     aauuddiitt--bbaattcchh [--eeiiss] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ...
              Like aauuddiitt--ppkkgg, but read the package names or patterns one per
              line from the given files.
      aauuddiitt--hhiissttoorryy [--ss] [--tt _t_y_p_e] [_p_k_g_b_a_s_e] ...
              Print all vulnerabilities for the given base package names.
      cchheecckk [_p_k_g _._._.]
              Use this command to check the files belonging to some or all of
              the packages installed on the local machine against the checksum
              which was recorded in the _+_C_O_N_T_E_N_T_S files at package installation
              time.  Symbolic links also have their integrity checked against
              the recorded value at package installation time.  If no
              additional argument is given, the files of all installed packages
 @@ -194,14 +196,14 @@ FFIILLEESS
      _/_v_a_r_/_d_b_/_p_k_g_/_p_k_g_d_b_._b_y_f_i_l_e_._d_b
      _/_v_a_r_/_d_b_/_p_k_g_/_<_p_k_g_>_/_+_C_O_N_T_E_N_T_S
 SSEEEE AALLSSOO
      pkg_add(1), pkg_create(1), pkg_delete(1), pkg_info(1),
      pkg_install.conf(5), pkgsrc(7)
 HHIISSTTOORRYY
      The ppkkgg__aaddmmiinn command first appeared in NetBSD 1.4.
 AAUUTTHHOORRSS
      The ppkkgg__aaddmmiinn command was written by Hubert Feyrer.
-pkgsrc                         December 27, 2014                        pkgsrc
+pkgsrc                         February 25, 2018                        pkgsrc

 @@ -1,14 +1,14 @@
-/* $NetBSD: lib.h,v 1.68 2017/04/19 21:42:50 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.69 2018/02/26 23:45:02 ginsbach Exp $ */
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 /*
  * FreeBSD install - a package for the installation and maintainance
  * of non-core utilities.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
 @@ -364,27 +364,27 @@ char   *pkgdb_pkg_dir(const char *);
 char   *pkgdb_pkg_file(const char *, const char *);
 /* List of packages functions */
 lpkg_t *alloc_lpkg(const char *);
 lpkg_t *find_on_queue(lpkg_head_t *, const char *);
 void    free_lpkg(lpkg_t *);
 /* Read pkg_vulnerabilities from file */
 struct pkg_vulnerabilities *read_pkg_vulnerabilities_file(const char *, int, int);
 /* Read pkg_vulnerabilities from memory */
 struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int);
 void free_pkg_vulnerabilities(struct pkg_vulnerabilities *);
 int audit_package(struct pkg_vulnerabilities *, const char *, const char *,
-    int);
+    int, int);
 /* Parse configuration file */
 void pkg_install_config(void);
 /* Print configuration variable */
 void pkg_install_show_variable(const char *);
 /* Package signature creation and validation */
 int pkg_verify_signature(const char *, struct archive **, struct archive_entry **, char **);
 int pkg_full_signature_check(const char *, struct archive **);
 #ifdef HAVE_SSL
 void pkg_sign_x509(const char *, const char *, const char *, const char *);
 #endif

 @@ -1,14 +1,14 @@
-/*	$NetBSD: version.h,v 1.172 2017/10/30 12:03:50 jperkin Exp $	*/
+/*	$NetBSD: version.h,v 1.173 2018/02/26 23:45:02 ginsbach Exp $	*/
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
 @@ -17,16 +17,16 @@
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
-#define PKGTOOLS_VERSION 20171030
+#define PKGTOOLS_VERSION 20180226
 #endif /* _INST_LIB_VERSION_H_ */

 @@ -1,14 +1,14 @@
-/*	$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $	*/
+/*	$NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $	*/
 /*-
  * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
 @@ -28,27 +28,27 @@
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $");
+__RCSID("$NetBSD: vulnerabilities-file.c,v 1.10 2018/02/26 23:45:02 ginsbach Exp $");
 #if HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
 #if HAVE_SYS_WAIT_H
 #include <sys/wait.h>
 #endif
 #ifndef BOOTSTRAP
 #include <archive.h>
 #endif
 #include <ctype.h>
 #if HAVE_ERR_H
 #include <err.h>
 @@ -598,56 +598,59 @@ check_ignored_entry(struct pkg_vulnerabi
 			entry_len = next - iter;
 			++next;
+		}
 		if (url_len != entry_len)
 			continue;
 		if (strncmp(pv->advisory[i], iter, entry_len) == 0)
 			return 1;
+	}
 	return 0;
+}
 int
 audit_package(struct pkg_vulnerabilities *pv, const char *pkgname,
-    const char *limit_vul_types, int output_type)
+    const char *limit_vul_types, int include_ignored, int output_type)
+{
 	FILE *output = output_type == 1 ? stdout : stderr;
 	size_t i;
-	int retval, do_eol;
+	int retval, do_eol, ignored;
 	retval = 0;
 	do_eol = (strcasecmp(check_eol, "yes") == 0);
 	for (i = 0; i < pv->entries; ++i) {
-		if (check_ignored_entry(pv, i))
+		ignored = check_ignored_entry(pv, i);
 		if (ignored && !include_ignored)
 			continue;
 		if (limit_vul_types != NULL &&
 		    strcmp(limit_vul_types, pv->classification[i]))
 			continue;
 		if (!pkg_match(pv->vulnerability[i], pkgname))
 			continue;
 		if (strcmp("eol", pv->classification[i]) == 0) {
 			if (!do_eol)
 				continue;
 			retval = 1;
 			if (output_type == 0) {
 				puts(pkgname);
 				continue;
+			}
 			fprintf(output,
 			    "Package %s has reached end-of-life (eol), "
 			    "see %s/eol-packages\n", pkgname,
 			    tnf_vulnerability_base);
 			continue;
+		}
 		retval = 1;
 		if (output_type == 0) {
-			puts(pkgname);
+			fprintf(stdout, "%s%s\n",
 				pkgname, ignored ? " (ignored)" : "");
 		} else {
 			fprintf(output,
-			    "Package %s has a %s vulnerability, see %s\n",
+			    "Package %s has a%s %s vulnerability, see %s\n",
-			    pkgname, pv->classification[i], pv->advisory[i]);
+			    pkgname, ignored ? "n ignored" : "",
 			    pv->classification[i], pv->advisory[i]);
+		}
+	}
 	return retval;
+}