Module Name: src Committed By: martin Date: Mon Oct 21 16:57:40 UTC 2019
Modified Files: src/external/bsd/pkg_install/dist/add [netbsd-8]: perform.c pkg_add.1 src/external/bsd/pkg_install/dist/admin [netbsd-8]: audit.c main.c pkg_admin.1 src/external/bsd/pkg_install/dist/create [netbsd-8]: util.c src/external/bsd/pkg_install/dist/delete [netbsd-8]: pkg_delete.c src/external/bsd/pkg_install/dist/info [netbsd-8]: main.c src/external/bsd/pkg_install/dist/lib [netbsd-8]: lib.h license.c parse-config.c pkcs7.c pkg_io.c version.h vulnerabilities-file.c Log Message: Pull up the following revisions, requested by joerg in ticket #1409: external/bsd/pkg_install/dist/add/perform.c up to 1.6 external/bsd/pkg_install/dist/add/pkg_add.1 up to 1.3 external/bsd/pkg_install/dist/admin/audit.c up to 1.3 external/bsd/pkg_install/dist/admin/main.c up to 1.4 external/bsd/pkg_install/dist/admin/pkg_admin.1 up to 1.5 external/bsd/pkg_install/dist/create/util.c up to 1.2 external/bsd/pkg_install/dist/delete/pkg_delete.c up to 1.3 external/bsd/pkg_install/dist/info/main.c up to 1.3 external/bsd/pkg_install/dist/lib/lib.h up to 1.9 external/bsd/pkg_install/dist/lib/license.c up to 1.9 external/bsd/pkg_install/dist/lib/parse-config.c up to 1.3 external/bsd/pkg_install/dist/lib/pkcs7.c up to 1.4 external/bsd/pkg_install/dist/lib/pkg_io.c up to 1.3 external/bsd/pkg_install/dist/lib/version.h up to 1.15 external/bsd/pkg_install/dist/lib/vulnerabilities-file.c up to 1.3 Merge pkg_install-20191008 from pkgsrc. 
To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.5.4.1 src/external/bsd/pkg_install/dist/add/perform.c cvs rdiff -u -r1.2 -r1.2.4.1 src/external/bsd/pkg_install/dist/add/pkg_add.1 cvs rdiff -u -r1.2 -r1.2.4.1 src/external/bsd/pkg_install/dist/admin/audit.c \ src/external/bsd/pkg_install/dist/admin/main.c \ src/external/bsd/pkg_install/dist/admin/pkg_admin.1 cvs rdiff -u -r1.1.1.3 -r1.1.1.3.4.1 \ src/external/bsd/pkg_install/dist/create/util.c cvs rdiff -u -r1.2 -r1.2.4.1 \ src/external/bsd/pkg_install/dist/delete/pkg_delete.c cvs rdiff -u -r1.2 -r1.2.4.1 src/external/bsd/pkg_install/dist/info/main.c cvs rdiff -u -r1.8 -r1.8.4.1 src/external/bsd/pkg_install/dist/lib/lib.h cvs rdiff -u -r1.5 -r1.5.4.1 src/external/bsd/pkg_install/dist/lib/license.c cvs rdiff -u -r1.2 -r1.2.4.1 \ src/external/bsd/pkg_install/dist/lib/parse-config.c \ src/external/bsd/pkg_install/dist/lib/pkcs7.c \ src/external/bsd/pkg_install/dist/lib/pkg_io.c \ src/external/bsd/pkg_install/dist/lib/vulnerabilities-file.c cvs rdiff -u -r1.11 -r1.11.4.1 \ src/external/bsd/pkg_install/dist/lib/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/bsd/pkg_install/dist/add/perform.c diff -u src/external/bsd/pkg_install/dist/add/perform.c:1.5 src/external/bsd/pkg_install/dist/add/perform.c:1.5.4.1 --- src/external/bsd/pkg_install/dist/add/perform.c:1.5 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/add/perform.c Mon Oct 21 16:57:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: perform.c,v 1.5 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: perform.c,v 1.5.4.1 2019/10/21 16:57:40 martin Exp $ */ #if HAVE_CONFIG_H #include "config.h" #endif @@ -6,7 +6,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: perform.c,v 1.5 2017/04/20 13:18:23 joerg Exp $"); +__RCSID("$NetBSD: perform.c,v 1.5.4.1 2019/10/21 16:57:40 martin Exp $"); /*- * Copyright (c) 2003 Grant Beattie <gr...@netbsd.org> @@ -1318,7 +1318,7 @@ check_vulnerable(struct pkg_task *pkg) return require_check; } - if (!audit_package(pv, pkg->pkgname, NULL, 2)) + if (!audit_package(pv, pkg->pkgname, NULL, 0, 2)) return 0; if (require_check) Index: src/external/bsd/pkg_install/dist/add/pkg_add.1 diff -u src/external/bsd/pkg_install/dist/add/pkg_add.1:1.2 src/external/bsd/pkg_install/dist/add/pkg_add.1:1.2.4.1 --- src/external/bsd/pkg_install/dist/add/pkg_add.1:1.2 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/add/pkg_add.1 Mon Oct 21 16:57:40 2019 @@ -1,4 +1,4 @@ -.\" $NetBSD: pkg_add.1,v 1.2 2017/04/20 13:18:23 joerg Exp $ +.\" $NetBSD: pkg_add.1,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $ .\" .\" FreeBSD install - a package for the installation and maintenance .\" of non-core utilities. @@ -17,7 +17,7 @@ .\" .\" @(#)pkg_add.1 .\" -.Dd December 27, 2014 +.Dd March 21, 2018 .Dt PKG_ADD 1 .Os .Sh NAME @@ -25,7 +25,7 @@ .Nd a utility for installing and upgrading software package distributions .Sh SYNOPSIS .Nm -.Op Fl AfInRUuVv +.Op Fl AfhInRUuVv .Op Fl C Ar config .Op Fl K Ar pkg_dbdir .Op Fl m Ar machine 
@@ -119,6 +119,11 @@ removed. Read the configuration file from .Ar config instead of the system default. +.It Fl D +Force updating even if the dependencies of depending packages are not +satisfied by the new package. +This is used by "make replace", after which one would typically +replace the depending packages. .It Fl f Force installation to proceed even if prerequisite packages are not installed or the install script fails. @@ -128,11 +133,8 @@ will still try to find and auto-install a failure to find one will not be fatal. This flag also overrides the fatal error when the operating system or architecture the package was built on differ from that of the host. -.It Fl D -Force updating even if the dependencies of depending packages are not -satisfied by the new package. -This is used by "make replace", after which one would typically -replace the depending packages. +.It Fl h +Display help and exit. .It Fl I If an installation script exists for a given package, do not execute it. .It Fl K Ar pkg_dbdir Index: src/external/bsd/pkg_install/dist/admin/audit.c diff -u src/external/bsd/pkg_install/dist/admin/audit.c:1.2 src/external/bsd/pkg_install/dist/admin/audit.c:1.2.4.1 --- src/external/bsd/pkg_install/dist/admin/audit.c:1.2 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/admin/audit.c Mon Oct 21 16:57:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: audit.c,v 1.2 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: audit.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: audit.c,v 1.2 2017/04/20 13:18:23 joerg Exp $"); +__RCSID("$NetBSD: audit.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $"); /*- * Copyright (c) 2008 Joerg Sonnenberger <jo...@netbsd.org>. 
@@ -73,13 +73,14 @@ __RCSID("$NetBSD: audit.c,v 1.2 2017/04/ #include "admin.h" #include "lib.h" +static int check_ignored_advisories = 0; static int check_signature = 0; static const char *limit_vul_types = NULL; static int update_pkg_vuln = 0; static struct pkg_vulnerabilities *pv; -static const char audit_options[] = "est:"; +static const char audit_options[] = "eist:"; static void parse_options(int argc, char **argv, const char *options) @@ -101,6 +102,9 @@ parse_options(int argc, char **argv, con case 'e': check_eol = "yes"; break; + case 'i': + check_ignored_advisories = 1; + break; case 's': check_signature = 1; break; @@ -122,7 +126,8 @@ parse_options(int argc, char **argv, con static int check_exact_pkg(const char *pkg) { - return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1); + return audit_package(pv, pkg, limit_vul_types, + check_ignored_advisories, quiet ? 0 : 1); } static int Index: src/external/bsd/pkg_install/dist/admin/main.c diff -u src/external/bsd/pkg_install/dist/admin/main.c:1.2 src/external/bsd/pkg_install/dist/admin/main.c:1.2.4.1 --- src/external/bsd/pkg_install/dist/admin/main.c:1.2 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/admin/main.c Mon Oct 21 16:57:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.2 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: main.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,10 +7,10 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: main.c,v 1.2 2017/04/20 13:18:23 joerg Exp $"); +__RCSID("$NetBSD: main.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $"); /*- - * Copyright (c) 1999-2009 The NetBSD Foundation, Inc. + * Copyright (c) 1999-2019 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation 
@@ -59,8 +59,10 @@ __RCSID("$NetBSD: main.c,v 1.2 2017/04/2 #endif #ifndef NETBSD #include <nbcompat/md5.h> +#include <nbcompat/sha2.h> #else #include <md5.h> +#include <sha2.h> #endif #if HAVE_LIMITS_H #include <limits.h> @@ -93,6 +95,7 @@ static const char Options[] = "C:K:SVbd: int quiet, verbose; static void set_unset_variable(char **, Boolean); +static void digest_input(char **); /* print usage message and exit */ void @@ -112,9 +115,9 @@ usage(void) " pmatch pattern pkg - returns true if pkg matches pattern, otherwise false\n" " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n" " check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n" - " audit [-es] [-t type] ... - check installed packages for vulnerabilities\n" - " audit-pkg [-es] [-t type] ... - check listed packages for vulnerabilities\n" - " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n" + " audit [-eis] [-t type] ... - check installed packages for vulnerabilities\n" + " audit-pkg [-eis] [-t type] ... - check listed packages for vulnerabilities\n" + " audit-batch [-eis] [-t type] ... - check packages in listed files for vulnerabilities\n" " audit-history [-t type] ... - print all advisories for package names\n" " check-license <condition> - check if condition is acceptable\n" " check-single-license <license> - check if license is acceptable\n" @@ -521,6 +524,9 @@ main(int argc, char *argv[]) } else if (strcasecmp(argv[0], "unset") == 0) { argv++; /* "unset" */ set_unset_variable(argv, TRUE); + } else if (strcasecmp(argv[0], "digest") == 0) { + argv++; /* "digest" */ + digest_input(argv); } else if (strcasecmp(argv[0], "config-var") == 0) { argv++; if (argv == NULL || argv[1] != NULL) 
@@ -736,3 +742,22 @@ set_unset_variable(char **argv, Boolean return; } + +static void +digest_input(char **argv) +{ + char digest[SHA256_DIGEST_STRING_LENGTH]; + int failures = 0; + + while (*argv != NULL) { + if (SHA256_File(*argv, digest)) { + puts(digest); + } else { + warn("cannot process %s", *argv); + ++failures; + } + argv++; + } + if (failures) + exit(EXIT_FAILURE); +} Index: src/external/bsd/pkg_install/dist/admin/pkg_admin.1 diff -u src/external/bsd/pkg_install/dist/admin/pkg_admin.1:1.2 src/external/bsd/pkg_install/dist/admin/pkg_admin.1:1.2.4.1 --- src/external/bsd/pkg_install/dist/admin/pkg_admin.1:1.2 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/admin/pkg_admin.1 Mon Oct 21 16:57:40 2019 @@ -1,10 +1,11 @@ -.\" $NetBSD: pkg_admin.1,v 1.2 2017/04/20 13:18:23 joerg Exp $ +.\" $NetBSD: pkg_admin.1,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $ .\" -.\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc. +.\" Copyright (c) 1999-2019 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation -.\" by Hubert Feyrer <hub...@feyrer.de>. +.\" by Hubert Feyrer <hub...@feyrer.de> and +.\" by Joerg Sonnenberger <jo...@netbsd.org>. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions 
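Review bot: `digest_input` returns success without printing anything when no file operand follows `digest`, because the `while (*argv != NULL)` loop never runs; a guard such as `if (*argv == NULL) usage();` before the loop would make the missing operand an error. The function also has no header comment; something like `/* Print the SHA256 hex digest of each named file, one per line; exit non-zero if any file could not be processed. */` would record the contract. The usage() hunk earlier in this file only touches the audit lines, so whether `digest` is listed in the usage text cannot be confirmed from the diff.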
@@ -14,13 +15,6 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the NetBSD -.\" Foundation, Inc. and its contributors. -.\" 4. Neither the name of The NetBSD Foundation nor the names of its -.\" contributors may be used to endorse or promote products derived -.\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED @@ -34,7 +28,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 27, 2014 +.Dd October 8, 2019 .Dt PKG_ADMIN 1 .Os .Sh NAME @@ -106,7 +100,7 @@ Be more verbose. .Pp The following commands are supported: .Bl -tag -width indent -.It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... +.It Cm audit Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... Check the listed installed packages for vulnerabilities. If no package is given, check all installed packages. If 
@@ -118,16 +112,25 @@ option from with .Qq Li yes . If +.Fl i +is given, +any advisory ignored by +.Dv IGNORE_URL +in +.Xr pkg_install.conf 5 +is included but flagged as +.Qq ignored . +If .Fl s is given, check the signature of the pkg-vulnerabilities file before using it. .Fl t restricts the reported vulnerabilities to type .Ar type . -.It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... +.It Cm audit-pkg Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... Like .Cm audit , but check only the given package names or patterns. -.It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ... +.It Cm audit-batch Oo Fl eis Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ... Like .Cm audit-pkg , but read the package names or patterns one per line from the given files. @@ -180,6 +183,9 @@ otherwise it exits with error. Print the current value of .Ar variable as used after parsing the configuration file. +.It Cm digest Ar file ... +Compute a SHA256 message digest of +.Ar file . .It Cm dump Dump the contents of the package database, similar to .Cm pkg_info -F . @@ -202,6 +208,11 @@ for packages matching Print the URL of the best matching package to stdout for each pattern. If a pattern is not matched, it is skipped and the command will return a failure. +.It Cm gpg-sign-package pkg spkg +Sign the binary package +.Ar pkg +using GPG and write the result to +.Ar spkg . .It Cm lsall Ar /dir/pkgpattern .It Cm lsbest Ar /dir/pkgpattern List all/best package matching pattern in the given directory 
@@ -266,11 +277,6 @@ to remove a variable. Packages that are not installed directly by the user but pulled in as dependencies are marked by setting .Dq automatic=YES . -.It Cm gpg-sign-package pkg spkg -Sign the binary package -.Ar pkg -using GPG and write the result to -.Ar spkg . .It Cm x509-sign-package pkg spkg key cert Sign the binary package .Ar pkg Index: src/external/bsd/pkg_install/dist/create/util.c diff -u src/external/bsd/pkg_install/dist/create/util.c:1.1.1.3 src/external/bsd/pkg_install/dist/create/util.c:1.1.1.3.4.1 --- src/external/bsd/pkg_install/dist/create/util.c:1.1.1.3 Thu Apr 20 13:12:47 2017 +++ src/external/bsd/pkg_install/dist/create/util.c Mon Oct 21 16:57:40 2019 @@ -65,7 +65,7 @@ update_ids(struct memory_file *file) errx(2, "user %s unknown", file->owner); file->st.st_uid = uid; } else { - file->owner = user_from_uid(file->st.st_uid, 1); + file->owner = xstrdup(user_from_uid(file->st.st_uid, 1)); } if (file->group != NULL) { @@ -73,10 +73,9 @@ update_ids(struct memory_file *file) if (gid_from_group(file->group, &gid) == -1) errx(2, "group %s unknown", file->group); - file->group = file->group; file->st.st_gid = gid; } else { - file->group = group_from_gid(file->st.st_gid, 1); + file->group = xstrdup(group_from_gid(file->st.st_gid, 1)); } } @@ -88,8 +87,8 @@ make_memory_file(const char *archive_nam file = xmalloc(sizeof(*file)); file->name = archive_name; - file->owner = owner; - file->group = group; + file->owner = (owner != NULL) ? xstrdup(owner) : NULL; + file->group = (group != NULL) ? xstrdup(group) : NULL; file->data = data; file->len = len; @@ -116,8 +115,8 @@ load_memory_file(const char *disk_name, file = xmalloc(sizeof(*file)); file->name = archive_name; - file->owner = owner; - file->group = group; + file->owner = (owner != NULL) ? xstrdup(owner) : NULL; + file->group = (group != NULL) ? xstrdup(group) : NULL; file->mode = mode; fd = open(disk_name, O_RDONLY); 
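Review bot: In update_ids, `xstrdup(user_from_uid(file->st.st_uid, 1))` and, in the following hunk, `xstrdup(group_from_gid(file->st.st_gid, 1))` hand the lookup result straight to xstrdup, and pwcache(3) documents that these lookups return NULL for an id without a name when the second argument is non-zero. The make_memory_file and load_memory_file hunks guard the same copy with `(owner != NULL) ? xstrdup(owner) : NULL`, so the unguarded form looks like an oversight unless xstrdup (not shown) tolerates NULL. A guarded version would be `const char *n = user_from_uid(file->st.st_uid, 1); file->owner = (n != NULL) ? xstrdup(n) : NULL;`, and likewise for the group branch. update_ids begins outside these hunks, so how a NULL owner or group is treated afterwards is not visible.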
@@ -148,6 +147,8 @@ void free_memory_file(struct memory_file *file) { if (file != NULL) { + free(__UNCONST(file->owner)); + free(__UNCONST(file->group)); free(file->data); free(file); } Index: src/external/bsd/pkg_install/dist/delete/pkg_delete.c diff -u src/external/bsd/pkg_install/dist/delete/pkg_delete.c:1.2 src/external/bsd/pkg_install/dist/delete/pkg_delete.c:1.2.4.1 --- src/external/bsd/pkg_install/dist/delete/pkg_delete.c:1.2 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/delete/pkg_delete.c Mon Oct 21 16:57:40 2019 @@ -34,7 +34,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: pkg_delete.c,v 1.2 2017/04/20 13:18:23 joerg Exp $"); +__RCSID("$NetBSD: pkg_delete.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $"); #if HAVE_ERR_H #include <err.h> @@ -60,7 +60,7 @@ static int delete_automatic_leaves; static void usage(void) { - fprintf(stderr, "usage: pkg_delete [-DFfkNnORrVv] [-K pkg_dbdir]" + fprintf(stderr, "usage: pkg_delete [-ADFfkNnORrVv] [-K pkg_dbdir]" " [-P destdir] [-p prefix] pkg-name ...\n"); exit(1); } Index: src/external/bsd/pkg_install/dist/info/main.c diff -u src/external/bsd/pkg_install/dist/info/main.c:1.2 src/external/bsd/pkg_install/dist/info/main.c:1.2.4.1 --- src/external/bsd/pkg_install/dist/info/main.c:1.2 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/info/main.c Mon Oct 21 16:57:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.2 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: main.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: main.c,v 1.2 2017/04/20 13:18:23 joerg Exp $"); +__RCSID("$NetBSD: main.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $"); /* * 
@@ -299,12 +299,16 @@ main(int argc, char **argv) errx(EXIT_FAILURE, "Error during search in pkgdb for %s", *argv); } } else { - const char *dbdir; + const char *dbdir; + size_t dbdirlen; dbdir = pkgdb_get_dir(); - if (**argv == '/' && strncmp(*argv, dbdir, strlen(dbdir)) == 0) { - *argv += strlen(dbdir) + 1; - if ((*argv)[strlen(*argv) - 1] == '/') { + dbdirlen = strlen(dbdir); + if (**argv == '/' && + strncmp(*argv, dbdir, dbdirlen) == 0 && + (*argv)[dbdirlen] == '/') { + *argv += dbdirlen + 1; + if (**argv && (*argv)[strlen(*argv) - 1] == '/') { (*argv)[strlen(*argv) - 1] = 0; } } Index: src/external/bsd/pkg_install/dist/lib/lib.h diff -u src/external/bsd/pkg_install/dist/lib/lib.h:1.8 src/external/bsd/pkg_install/dist/lib/lib.h:1.8.4.1 --- src/external/bsd/pkg_install/dist/lib/lib.h:1.8 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/lib/lib.h Mon Oct 21 16:57:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: lib.h,v 1.8 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: lib.h,v 1.8.4.1 2019/10/21 16:57:40 martin Exp $ */ /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ @@ -374,7 +374,7 @@ struct pkg_vulnerabilities *read_pkg_vul struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int); void free_pkg_vulnerabilities(struct pkg_vulnerabilities *); int audit_package(struct pkg_vulnerabilities *, const char *, const char *, - int); + int, int); /* Parse configuration file */ void pkg_install_config(void); Index: src/external/bsd/pkg_install/dist/lib/license.c diff -u src/external/bsd/pkg_install/dist/lib/license.c:1.5 src/external/bsd/pkg_install/dist/lib/license.c:1.5.4.1 --- src/external/bsd/pkg_install/dist/lib/license.c:1.5 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/lib/license.c Mon Oct 21 16:57:40 2019 
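Review bot: After the prefix is stripped with `*argv += dbdirlen + 1;`, an argument that is exactly the database directory plus a slash leaves `*argv` as an empty string, and the new `**argv &&` test only skips the trailing-slash trim instead of rejecting it. Consider handling the empty name right after the increment, for example `if (**argv == '\0') errx(EXIT_FAILURE, "Missing package name");` (the message wording is only a suggestion). A short comment such as `/* accept DBDIR/pkgname[/] and reduce it to pkgname */` above the `if` would also explain why the byte at `dbdirlen` must be a slash. The enclosing branch of main continues outside the hunk, so what is done with an empty `*argv` is not visible here.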
@@ -1,4 +1,4 @@ -/* $NetBSD: license.c,v 1.5 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: license.c,v 1.5.4.1 2019/10/21 16:57:40 martin Exp $ */ /*- * Copyright (c) 2009 Joerg Sonnenberger <jo...@netbsd.org>. @@ -51,9 +51,12 @@ const char *default_acceptable_licenses "artistic artistic-2.0 " "boost-license " "cc-by-sa-v3.0 " + "cc-by-sa-v4.0 " + "cc-by-v4.0 " "cc0-1.0-universal " "cddl-1.0 " "cecill-2.1 " + "cecill-b-v1 " "cpl-1.0 " "epl-v1.0 " "eupl-v1.1 " @@ -62,6 +65,7 @@ const char *default_acceptable_licenses "gnu-gpl-v1 " "gnu-gpl-v2 gnu-lgpl-v2 gnu-lgpl-v2.1 " "gnu-gpl-v3 gnu-lgpl-v3 " + "happy " "hpnd " "info-zip " "ipafont " @@ -76,6 +80,7 @@ const char *default_acceptable_licenses "ofl-v1.0 ofl-v1.1 " "openssl " "original-bsd modified-bsd 2-clause-bsd " + "osl " "paratype " "php " "png-license " @@ -92,7 +97,8 @@ const char *default_acceptable_licenses "w3c " "x11 " "zlib " - "zpl-2.0 zpl-2.1"; + "zpl-2.0 zpl-2.1 " + "zsh"; #ifdef DEBUG static size_t hash_collisions; Index: src/external/bsd/pkg_install/dist/lib/parse-config.c diff -u src/external/bsd/pkg_install/dist/lib/parse-config.c:1.2 src/external/bsd/pkg_install/dist/lib/parse-config.c:1.2.4.1 --- src/external/bsd/pkg_install/dist/lib/parse-config.c:1.2 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/lib/parse-config.c Mon Oct 21 16:57:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: parse-config.c,v 1.2 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: parse-config.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: parse-config.c,v 1.2 2017/04/20 13:18:23 joerg Exp $"); +__RCSID("$NetBSD: parse-config.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $"); /*- * Copyright (c) 2008, 2009 Joerg Sonnenberger <jo...@netbsd.org>. 
@@ -83,7 +83,7 @@ const char *pkg_vulnerabilities_dir; const char *pkg_vulnerabilities_file; const char *pkg_vulnerabilities_url; const char *ignore_advisories = NULL; -const char tnf_vulnerability_base[] = "http://ftp.NetBSD.org/pub/NetBSD/packages/vulns"; +const char tnf_vulnerability_base[] = "http://cdn.NetBSD.org/pub/NetBSD/packages/vulns"; const char *acceptable_licenses = NULL; static struct config_variable { Index: src/external/bsd/pkg_install/dist/lib/pkcs7.c diff -u src/external/bsd/pkg_install/dist/lib/pkcs7.c:1.2 src/external/bsd/pkg_install/dist/lib/pkcs7.c:1.2.4.1 --- src/external/bsd/pkg_install/dist/lib/pkcs7.c:1.2 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/lib/pkcs7.c Mon Oct 21 16:57:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: pkcs7.c,v 1.2 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: pkcs7.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $ */ #if HAVE_CONFIG_H #include "config.h" #endif @@ -7,7 +7,7 @@ #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: pkcs7.c,v 1.2 2017/04/20 13:18:23 joerg Exp $"); +__RCSID("$NetBSD: pkcs7.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $"); /*- * Copyright (c) 2004, 2008 The NetBSD Foundation, Inc. 
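Review bot: The replacement value of `tnf_vulnerability_base` is still a plain `http://` URL, so the transport gives no integrity protection to the downloaded vulnerability list. In this same commit audit.c initialises `check_signature` to 0 and pkg_admin.1 describes `-s` as the option that checks the file's signature, which suggests verification is opt-in. If the fetch library in use supports TLS, consider `"https://cdn.NetBSD.org/pub/NetBSD/packages/vulns"`; otherwise add a comment such as `/* fetched over HTTP: integrity relies on signature verification of pkg-vulnerabilities */` so the dependency is explicit.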
@@ -55,25 +55,13 @@ __RCSID("$NetBSD: pkcs7.c,v 1.2 2017/04/ #define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) #endif -static const unsigned int pkg_key_usage = XKU_CODE_SIGN | XKU_SMIME; +#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) || \ + defined(LIBRESSL_VERSION_NUMBER) +#define X509_get_extended_key_usage(x) x->ex_xkusage +#define X509_get_extension_flags(x) x->ex_flags +#endif -static int -check_ca(X509 *cert) -{ - if ((cert->ex_flags & EXFLAG_KUSAGE) != 0 && - (cert->ex_kusage & KU_KEY_CERT_SIGN) != KU_KEY_CERT_SIGN) - return 0; - if ((cert->ex_flags & EXFLAG_BCONS) != 0) - return (cert->ex_flags & EXFLAG_CA) == EXFLAG_CA; - if ((cert->ex_flags & (EXFLAG_V1|EXFLAG_SS)) == (EXFLAG_V1|EXFLAG_SS)) - return 1; - if ((cert->ex_flags & EXFLAG_KUSAGE) != 0) - return 1; - if ((cert->ex_flags & EXFLAG_NSCERT) != 0 && - (cert->ex_nscert & NS_ANY_CA) != 0) - return 1; - return 0; -} +static const unsigned int pkg_key_usage = XKU_CODE_SIGN | XKU_SMIME; static STACK_OF(X509) * file_to_certs(const char *file) @@ -180,18 +168,18 @@ easy_pkcs7_verify(const char *content, s /* Compute ex_xkusage */ X509_check_purpose(sk_X509_value(signers, i), -1, -1); - if (check_ca(sk_X509_value(signers, i))) { + if (X509_check_ca(sk_X509_value(signers, i))) { warnx("CA keys are not valid for signatures"); goto cleanup; } if (is_pkg) { - if (sk_X509_value(signers, i)->ex_xkusage != pkg_key_usage) { + if (X509_get_extended_key_usage(sk_X509_value(signers, i)) != pkg_key_usage) { warnx("Certificate must have CODE SIGNING " "and EMAIL PROTECTION property"); goto cleanup; } } else { - if (sk_X509_value(signers, i)->ex_xkusage != 0) { + if (X509_get_extension_flags(sk_X509_value(signers, i)) & EXFLAG_XKUSAGE) { warnx("Certificate must not have any property"); goto cleanup; } 
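Review bot: The two fallback macros expand their argument unparenthesised, as in `#define X509_get_extended_key_usage(x) x->ex_xkusage`, so they are correct at the call sites in this file only because of operator precedence. Writing them as `#define X509_get_extended_key_usage(x) ((x)->ex_xkusage)` and `#define X509_get_extension_flags(x) ((x)->ex_flags)` keeps them safe for any argument expression and inside larger expressions such as the `& EXFLAG_XKUSAGE` test later in the file. A one-line comment above the `#if` saying that these stand in for the accessor functions on libraries that still expose the X509 struct fields would explain the version test.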
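Review bot: The non-package branch now tests `X509_get_extension_flags(...) & EXFLAG_XKUSAGE` while the package branch compares the value of `X509_get_extended_key_usage(...)`, and nothing in the hunk says why the two differ. As far as I know the OpenSSL accessor returns `UINT32_MAX` rather than 0 when the extension is absent, which would be the reason; a comment such as `/* an absent EKU extension is not reported as 0 by the accessor, so test the flag */` would record that. The existing `/* Compute ex_xkusage */` comment above `X509_check_purpose` still names a struct field the code no longer reads directly. `sk_X509_value(signers, i)` is re-evaluated for every check, so a local `X509 *signer` would shorten the lines. The enclosing loop in easy_pkcs7_verify starts and ends outside the hunk.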
@@ -271,12 +259,12 @@ easy_pkcs7_sign(const char *content, siz /* Compute ex_kusage */ X509_check_purpose(certificate, -1, 0); - if (check_ca(certificate)) { + if (X509_check_ca(certificate)) { warnx("CA keys are not valid for signatures"); goto cleanup; } - if (certificate->ex_xkusage != pkg_key_usage) { + if (X509_get_extended_key_usage(certificate) != pkg_key_usage) { warnx("Certificate must have CODE SIGNING " "and EMAIL PROTECTION property"); goto cleanup; Index: src/external/bsd/pkg_install/dist/lib/pkg_io.c diff -u src/external/bsd/pkg_install/dist/lib/pkg_io.c:1.2 src/external/bsd/pkg_install/dist/lib/pkg_io.c:1.2.4.1 --- src/external/bsd/pkg_install/dist/lib/pkg_io.c:1.2 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/lib/pkg_io.c Mon Oct 21 16:57:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: pkg_io.c,v 1.2 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: pkg_io.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $ */ /*- * Copyright (c) 2008, 2009 Joerg Sonnenberger <jo...@netbsd.org>. * All rights reserved. @@ -36,7 +36,7 @@ #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: pkg_io.c,v 1.2 2017/04/20 13:18:23 joerg Exp $"); +__RCSID("$NetBSD: pkg_io.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $"); #include <archive.h> #include <archive_entry.h> @@ -49,6 +49,7 @@ __RCSID("$NetBSD: pkg_io.c,v 1.2 2017/04 #include <stdlib.h> #ifdef BOOTSTRAP +#undef IS_URL #define IS_URL(x) 0 #else #include <fetch.h> Index: src/external/bsd/pkg_install/dist/lib/vulnerabilities-file.c diff -u src/external/bsd/pkg_install/dist/lib/vulnerabilities-file.c:1.2 src/external/bsd/pkg_install/dist/lib/vulnerabilities-file.c:1.2.4.1 --- src/external/bsd/pkg_install/dist/lib/vulnerabilities-file.c:1.2 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/lib/vulnerabilities-file.c Mon Oct 21 16:57:40 2019 
@@ -1,4 +1,4 @@ -/* $NetBSD: vulnerabilities-file.c,v 1.2 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: vulnerabilities-file.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $ */ /*- * Copyright (c) 2008, 2010 Joerg Sonnenberger <jo...@netbsd.org>. @@ -38,7 +38,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: vulnerabilities-file.c,v 1.2 2017/04/20 13:18:23 joerg Exp $"); +__RCSID("$NetBSD: vulnerabilities-file.c,v 1.2.4.1 2019/10/21 16:57:40 martin Exp $"); #if HAVE_SYS_STAT_H #include <sys/stat.h> @@ -608,18 +608,19 @@ check_ignored_entry(struct pkg_vulnerabi int audit_package(struct pkg_vulnerabilities *pv, const char *pkgname, - const char *limit_vul_types, int output_type) + const char *limit_vul_types, int include_ignored, int output_type) { FILE *output = output_type == 1 ? stdout : stderr; size_t i; - int retval, do_eol; + int retval, do_eol, ignored; retval = 0; do_eol = (strcasecmp(check_eol, "yes") == 0); for (i = 0; i < pv->entries; ++i) { - if (check_ignored_entry(pv, i)) + ignored = check_ignored_entry(pv, i); + if (ignored && !include_ignored) continue; if (limit_vul_types != NULL && strcmp(limit_vul_types, pv->classification[i])) @@ -642,11 +643,13 @@ audit_package(struct pkg_vulnerabilities } retval = 1; if (output_type == 0) { - puts(pkgname); + fprintf(stdout, "%s%s\n", + pkgname, ignored ? " (ignored)" : ""); } else { fprintf(output, - "Package %s has a %s vulnerability, see %s\n", - pkgname, pv->classification[i], pv->advisory[i]); + "Package %s has a%s %s vulnerability, see %s\n", + pkgname, ignored ? "n ignored" : "", + pv->classification[i], pv->advisory[i]); } } return retval; Index: src/external/bsd/pkg_install/dist/lib/version.h diff -u src/external/bsd/pkg_install/dist/lib/version.h:1.11 src/external/bsd/pkg_install/dist/lib/version.h:1.11.4.1 --- src/external/bsd/pkg_install/dist/lib/version.h:1.11 Thu Apr 20 13:18:23 2017 +++ src/external/bsd/pkg_install/dist/lib/version.h Mon Oct 21 16:57:40 2019 
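Review bot: With `include_ignored` set, an ignored advisory now falls through to the `retval = 1` line in the second audit_package hunk, so the function reports the package as vulnerable even when every matching advisory is on the ignore list. If `-i` is meant to be informational only, set the result conditionally, e.g. `if (!ignored) retval = 1;`; if the new result is intended, say so in a comment on the function, for example `/* include_ignored: also report advisories matched by IGNORE_URL; they count towards the return value */`. In quiet mode (`output_type == 0`) the printed line is no longer the bare package name when the entry is ignored, which matters to consumers that read one name per line. The body between the two hunks is not shown.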
@@ -1,4 +1,4 @@ -/* $NetBSD: version.h,v 1.11 2017/04/20 13:18:23 joerg Exp $ */ +/* $NetBSD: version.h,v 1.11.4.1 2019/10/21 16:57:40 martin Exp $ */ /* * Copyright (c) 2001 Thomas Klausner. All rights reserved. @@ -27,6 +27,6 @@ #ifndef _INST_LIB_VERSION_H_ #define _INST_LIB_VERSION_H_ -#define PKGTOOLS_VERSION 20170419 +#define PKGTOOLS_VERSION 20191008 #endif /* _INST_LIB_VERSION_H_ */