Subject: Re: README.html: cannot find vulnerability list
To: None <pkgsrc-users@netbsd.org>
From: David Lord <netbsd@lordynet.org>
List: pkgsrc-users
Date: 08/06/2007 09:40:46
On 5 Aug 2007, at 21:03, Gary Thorpe wrote:

> --- Adrian Portelli <adrianp@stindustries.net> wrote:
> 
> > Gary Thorpe wrote:
> > ...
> > > 
> > > I applied the patch but the result seems to be the same:
> > > 
> > ...
> > 
> > Hi,
> > 
> > Could you please do a 'cvs update' and try again?  I think I found
> > the problem and committed a fix for it.
> > 
> > thanks,
> > 
> > adrian.
> > 
> > 
> 
> Hi,
> 
> I updated just a while ago and it now finds and includes some
> vulnerability information:
> 
> Loading binary package cache file...
>     * /usr/pkgsrc/packages/.pkgcache
> Flattening dependencies
> Flattening build dependencies
> Reading vulnerability file "/usr/pkgsrc/distfiles/pkg-vulnerabilities"
>  which was updated at Jul 3 11:01
> 
>    Loaded 2560 vulnerabilities
> Only creating README for www/firefox
> Generating README.html files

Here I find that the audit-packages man page gives flags such as -V and, 
more importantly, -Q varname, but the audit-packages script itself, 
both here and also as checked on ftp.NetBSD.org, doesn't include use 
of those flags. The -Q option is used in the make readme scripts. I've 
emailed Adrian with debug output etc.

David


*************
bash-3.2$ pkg_info -V
20070802

bash-3.2$ audit-packages -V
Unknown option -V
Usage: audit-packages [-dv] [-K pkg_dbdir] [-p package]
    -d : Run download-vulnerability-list before anything else.
    -K : Use pkg_dbdir as PKG_DBDIR.
    -p : Check a specific package for vulnerabilities.
    -v : Verbose mode

bash-3.2$ audit-packages -Q PKGVULNDIR
Unknown option -Q
Usage: audit-packages [-dv] [-K pkg_dbdir] [-p package]
    -d : Run download-vulnerability-list before anything else.
    -K : Use pkg_dbdir as PKG_DBDIR.
    -p : Check a specific package for vulnerabilities.
    -v : Verbose mode

bash-3.2$ cat /usr/pkg/sbin/audit-packages
#! /bin/sh
#
# $NetBSD: audit-packages,v 1.31 2007/07/10 15:27:57 joerg Exp $

........

while [ $# -gt 0 ]; do
        case "$1" in
        -d)     download=yes ;;
        -v)     verbose=yes ;;
        -p)
                one_package="$2"
                shift
                ;;
        -K)
                export PKG_DBDIR="$2"
                shift
                ;;
        *)
                usage "$0" "Unknown option $1"
        esac
        shift
done


bash-3.2$ grep "audit-packages" /usr/pkgsrc/mk/bsd.pkg.readme.mk 
                _PKGVULNDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
                        audit-packages ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME} |${AWK} \
                _PVDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
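
The mismatch shown above can be checked mechanically. The following is an added example, not part of the original message or of pkgsrc: it lists the flags a caller passes to audit-packages that the script's `case` parser has no arm for. The function names are hypothetical, and the sample input is the two excerpts quoted in the message.

```sh
#!/bin/sh
# Constructed sample input, copied from the excerpts quoted in the message.
sample_script() { cat <<'EOF'
while [ $# -gt 0 ]; do
        case "$1" in
        -d)     download=yes ;;
        -v)     verbose=yes ;;
        -p)
                one_package="$2"
                shift
                ;;
        -K)
                export PKG_DBDIR="$2"
                shift
                ;;
        *)
                usage "$0" "Unknown option $1"
        esac
        shift
done
EOF
}
sample_makefile() { cat <<'EOF'
                _PKGVULNDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
                        audit-packages ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME} |${AWK} \
                _PVDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
EOF
}

# Options with their own arm in a `case "$1" in` parser (stdin), one per line.
handled_flags() {
    sed -n 's/^[[:space:]]*\(-[A-Za-z]\)).*/\1/p' | LC_ALL=C sort -u
}

# Single-letter options on audit-packages command lines (stdin), one per line.
used_flags() {
    grep 'audit-packages' | tr -s ' \t' '\n\n' |
        grep -x -e '-[A-Za-z]' | LC_ALL=C sort -u
}

# $1 = parser text, $2 = caller text; prints flags the parser would reject.
missing_flags() {
    handled=$(printf '%s\n' "$1" | handled_flags)
    for f in $(printf '%s\n' "$2" | used_flags); do
        printf '%s\n' "$handled" | grep -qx -e "$f" || printf '%s\n' "$f"
    done
}

missing_flags "$(sample_script)" "$(sample_makefile)"
```

To check an installed system, pass `"$(cat /usr/pkg/sbin/audit-packages)"` and `"$(cat /usr/pkgsrc/mk/bsd.pkg.readme.mk)"` as the two arguments. Flags hidden inside `${AUDIT_PACKAGES_FLAGS}` are not expanded and so are not checked.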