netbsd-bugs: pkg/15395: bsd.pkg.mk show-vulnerabilities confuses package names with common prefix

Subject: pkg/15395: bsd.pkg.mk show-vulnerabilities confuses package names with common prefix
To: None <gnats-bugs@gnats.netbsd.org>
From: None <paul@mcjones.org>
List: netbsd-bugs
Date: 01/27/2002 09:43:23

>Number:         15395
>Category:       pkg
>Synopsis:       bsd.pkg.mk show-vulnerabilities confuses package names with common prefix
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 27 09:43:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Paul McJones
>Release:        1.5.2
>Organization:
>Environment:
NetBSD shark 1.5.2 NetBSD 1.5.2 (SHARK) #12: Sat Aug 18 06:04:05 CEST 2001     he@hai.urc.uninett.no:/usr/src/sys/arch/arm32/compile/SHARK arm32
>Description:
I noticed that the README.html for the editors/sam package warned of vulnerabilities affecting various versions of samba. I believe this is because /usr/pkgsrc/mk/bsd.pkg.mk ($NetBSD: bsd.pkg.mk,v 1.885 2001/12/22 05:45:23 jlam Exp $) doesn't have a fancy enough pattern to compare the current package name against the vulnerabilities database:

show-vulnerabilities:
        @if [ -f ${DISTDIR}/vulnerabilities ]; then                     \
                ${AWK} '/^${PKGBASE}/ { print $$0 }' ${DISTDIR}/vulnerabilities; \
        else                                                            \
                ${ECHO} "No vulnerabilities list found.";               \
        fi

>How-To-Repeat:
Do "make show-vulnerabilities" in a package whose name is a prefix of another package that is in the vulnerabilities database.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: