Describe -K. Improve -i description. Sort options in SYNOPSIS. Remove
superfluous .Pp. Add EXIT STATUS section. Remove trailing whitespace.
Bump date for new -i.
the improved ALLOW_VULNERABILITIES support. This now has the ability to:
-p : Only check a single package
-i : Provide a list of vulnerabilities to ignore
-K : Specify an alternate pkg dbdir.
Bump the version to 0.40.
Give the audit-pacakges a "-d" option to download the vulnerabilities file
with downloaad-vulnerability-list before scanning the installed packages.
Update the documentation accordingly.
Get rid of some inconsistent style problems in the audit-packages script.
In download-vulnerability-list, first set the PKGVULNDIR, then create
the directory if it doesn't already exist.
Pointed out by Geert Hendrickx on tech-pkg@
as it's only used internally by bsd.prefs.mk.
* Make _PKGSRCDIR a public variable by renaming it to PKGSRCDIR.
Also, generate its value from ${_PKGSRC_TOPDIR} so it's less fragile
than the old method of stripping off the last two components of
${.CURDIR}. PKGSRCDIR may now be used after bsd.prefs.mk is defined.
* Change all references to _PKGSRCDIR to PKGSRCDIR.
in PR 25654 from Hauke Fath.
Take any non-standard values from audit-packages.conf file in
audit-packages as well as download-vulnerability-list.
Fix the pre-formatted documentation so that filenames to be
substituted are not formatted with the bold or underline "overstrikes"
on ttys, so that the correct sed substitutions take place at package
install time.
under IRIX. Other OS regen the catman page.
This addresses PR pkg/23452.
Since just depending on textproc/groff would pull in a large number of
packages (such as perl, ghostscript, tiff etc.), and since this is a very
important package that should NOT depend on all this gunk, Jeremy C. Reed
suggested this solution.
Ok agc.
By popular demand, add a -v switch to audit-packages(8) which enables the
check for a package vulnerabilities file being unchanged for over 7 days.
To enable the check, -v must be specified on the command line:
% audit-packages
% audit-packages -v
*** WARNING - /usr/distfiles/pkg-vulnerabilities more than a week old, continuing...
%
Difference from previous version (1.26):
+ if the vulnerability list is older than a week, just display a warning
message - don't consider this a fatal error.
+ get rid of unnecessary awk invocation in audit-packages, use shell
construction instead, pointed out by enami tsugutomo. Cuts system and
user execution times for audit-packages in half.
+ add (4-clause) licences to audit-packages and download-vulnerability-list
+ check integrity of pkg-vulnerabilities file in audit-packages by using
the same construct as in download-vulnerability-list
+ CSE in error checking in audit-packages
+ properly terminate a case expression in download-vulnerability-list
Simplify quoting syntax in the awk command, so that gawk-3.1.3 (as found in
NetBSD-current) doesn't have a problem with a malformed escape sequence.
With thanks to Johnny Lam for testing with an older version of gawk.
