From 3eb66e95ef16caa0c8cc8eab5071bb02c2ce46dc Mon Sep 17 00:00:00 2001
From: "Bruce A. Mah" <bmah@FreeBSD.org>
Date: Fri, 9 Feb 2001 20:07:06 +0000
Subject: [PATCH] Prevent the commands output of pkg_version.pl from being
 executed without the user actually editing the output.  Too many people were
 rampantly abusing this feature via "pkg_version -c | sh" without really being
 cognizant of the dangers involved (ports upgrade kits) or the fact that it
 just plain wasn't designed for it (dependencies).  We'll try to keep people
 from shooting themselves in the foot.

Will be MFC-ed to RELENG_4 and RELENG_3 after cooling-off period.
---
 usr.sbin/pkg_install/version/pkg_version.pl | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/usr.sbin/pkg_install/version/pkg_version.pl b/usr.sbin/pkg_install/version/pkg_version.pl
index 633e1078657..3a575107354 100755
--- a/usr.sbin/pkg_install/version/pkg_version.pl
+++ b/usr.sbin/pkg_install/version/pkg_version.pl
@@ -324,6 +324,20 @@ while (<INDEX>) {
 }
 close INDEX;
 
+#
+# If we're doing commands output, cripple the output so that users
+# can't just pipe the output to sh(1) and expect this to work.
+#
+if ($ShowCommandsFlag) {
+    print<<EOF
+echo "The commands output of pkg_version cannot be executed without editing."
+echo "You MUST save this output to a file and then edit it, taking into"
+echo "account package dependencies and the fact that some packages cannot"
+echo "or should not be upgraded." 
+exit 1
+EOF
+}
+
 #
 # Produce reports
 #