1
#!/bin/sh
2
#
3
# MAINTAINER: [email protected]
4

5
set -e
6
set -o pipefail
7

8
. "${dp_SCRIPTSDIR}/functions.sh"
9

10
validate_env dp_ECHO_MSG dp_PKG_BIN dp_PORTNAME dp_PKGNAME
11

12
[ -n "${DEBUG_MK_SCRIPTS}" -o -n "${DEBUG_MK_SCRIPTS_CHECK_VULNERABLE}" ] && set -x
13

14
set -u
15

16
# If the package is pkg, disable these checks, it fails while
17
# upgrading when pkg is not there.
18
# FIXME: check is this is still true
19
if [ "${dp_PORTNAME}" = "pkg" ]; then
20
	exit 0
21
fi
22

23
if [ ! -x "${dp_PKG_BIN}" ]; then
24
	exit 0
25
fi
26

27
if ! vlist=$(${dp_PKG_BIN} audit "${dp_PKGNAME}"); then
28
	${dp_ECHO_MSG} "===>  ${dp_PKGNAME} has known vulnerabilities:"
29
	${dp_ECHO_MSG} "$vlist"
30
	${dp_ECHO_MSG} "=> Please update your ports tree and try again."
31
	${dp_ECHO_MSG} "=> Note: Vulnerable ports are marked as such even if there is no update available."
32
	${dp_ECHO_MSG} "=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'"
33
	exit 1
34
fi
35

36