aboutsummaryrefslogblamecommitdiff
path: root/Mk/Scripts/check-vulnerable.sh
blob: 69d9f8db06c96611053f51d9c93662889b07fc8f (plain) (tree) 
3255095c16f9

3255095c16f9




f916081e1cf3

3255095c16f9



c3dba507a036

3255095c16f9












5ba3aba7ff8a




127e896f232b

5ba3aba7ff8a






3255095c16f9

1

2
3
4
5

6

7
8
9

10

11
12
13
14
15
16
17
18
19
20
21
22

23
24
25
26

27

28
29
30
31
32
33

34

         



                                 
               


                                 
                                                          











                                                                                   



                                 
                                                       





                                                                                                                    
  
#!/bin/sh
#
# MAINTAINER: portmgr@FreeBSD.org

set -e
set -o pipefail

. "${dp_SCRIPTSDIR}/functions.sh"

validate_env dp_ECHO_MSG dp_PKG_BIN dp_PORTNAME dp_PKGNAME

[ -n "${DEBUG_MK_SCRIPTS}" -o -n "${DEBUG_MK_SCRIPTS_CHECK_VULNERABLE}" ] && set -x

set -u

# If the package is pkg, disable these checks, it fails while
# upgrading when pkg is not there.
# FIXME: check is this is still true
if [ "${dp_PORTNAME}" = "pkg" ]; then
	exit 0
fi

if [ ! -x "${dp_PKG_BIN}" ]; then
	exit 0
fi

if ! vlist=$(${dp_PKG_BIN} audit "${dp_PKGNAME}"); then
	${dp_ECHO_MSG} "===>  ${dp_PKGNAME} has known vulnerabilities:"
	${dp_ECHO_MSG} "$vlist"
	${dp_ECHO_MSG} "=> Please update your ports tree and try again."
	${dp_ECHO_MSG} "=> Note: Vulnerable ports are marked as such even if there is no update available."
	${dp_ECHO_MSG} "=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'"
	exit 1
fi
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 09:53:01 +0000