install -d -m 755 $(DESTDIR)$(includedir)/pkg

	install -m 644 $(top_srcdir)/libpkg/pkg/audit.h $(DESTDIR)$(includedir)/pkg

exctags -f /dev/stdout --c-kinds=fp pkg.h pkg/*.h | awk 'BEGIN { print "LIBPKG_1.4 {"; print "global:" } /^[^!]/ { print "\t"$1";" } END { print "# Symbols from libcsu\n\t__progname;\n\tenviron;\nlocal:\n\t*;\n};" }' > libpkg.ver

/*

 * Copyright (c) 2020 Baptiste Daroussin <bapt@FreeBSD.org>

 * Copyright (c) 2014-2016 Vsevolod Stakhov <vsevolod@FreeBSD.org>

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer

 *    in this position and unchanged.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR

 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 */

#ifndef _PKG_AUDIT_H

#define _PKG_AUDIT_H

struct pkg_audit_version {

	char *version;

	int type;

};

struct pkg_audit_versions_range {

	struct pkg_audit_version v1;

	struct pkg_audit_version v2;

	struct pkg_audit_versions_range *next;

};

struct pkg_audit_cve {

	char *cvename;

	struct pkg_audit_cve *next;

};

struct pkg_audit_pkgname {

	char *pkgname;

	struct pkg_audit_pkgname *next;

};

struct pkg_audit_package {

	struct pkg_audit_pkgname *names;

	struct pkg_audit_versions_range *versions;

	struct pkg_audit_package *next;

};

struct pkg_audit_entry {

	const char *pkgname;

	struct pkg_audit_package *packages;

	struct pkg_audit_pkgname *names;

	struct pkg_audit_versions_range *versions;

	struct pkg_audit_cve *cve;

	char *url;

	char *desc;

	char *id;

	bool ref;

	struct pkg_audit_entry *next;

};

/**

 * Creates new pkg_audit structure

 */

struct pkg_audit * pkg_audit_new(void);

/**

 * Fetch and extract audit file from url `src` to the file `dest`

 * If no update is required then this function returns `EPKG_UPTODATE`

 * @return error code

 */

int pkg_audit_fetch(const char *src, const char *dest);

/**

 * Load audit file into memory

 * @return error code

 */

int pkg_audit_load(struct pkg_audit *audit, const char *fname);

/**

 * Process loaded audit structure.

 * Can and should be executed after cap_enter(3) or another sandboxing call

 * @return error code

 */

int pkg_audit_process(struct pkg_audit *audit);

#if defined(__XSTRING_H_)

/**

 * Check whether `pkg` is vulnerable against processed `audit` structure.

 * If a package is vulnerable, then `result` is set to sbuf describing the

 * vulnerability. If `quiet` is true, then this function produces reduced output

 * just returning a name of vulnerable package.

 * It's caller responsibility to free `result` after use

 * @return true and `*result` is set if a package is vulnerable

 */

bool pkg_audit_is_vulnerable(struct pkg_audit *audit, struct pkg *pkg,

		bool quiet, xstring **result, int *affected);

#endif

void pkg_audit_free(struct pkg_audit *audit);

#endif

		-I$(top_srcdir)/external/libucl/include \

#include <pkg/audit.h>

#include <pkg/audit.h>