>Number:         21393
>Category:       pkg
>Synopsis:       check-vulnerable is slow (patch included)
>Confidential:   yes
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 29 17:23:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.6
>Organization:
http://bsd.reedmedia.net/
>Environment:
	
	
System: NetBSD rainier.reedmedia.net 1.6 NetBSD 1.6 (JCR-20020927) #3: Sat Sep 28 13:40:20 PDT 2002 reed@rainier.reedmedia.net:/usr/src/sys/arch/i386/compile/JCR-20020927 i386
Architecture: i386
Machine: i386
>Description:
The new check-vulnerable is a nice feature, but it is slow.
It runs pkg_admin against every listing in vulnerability file.
Since it already is in awk, let awk check first.

Also, maybe it should match the comment # at beginning of line too.
Because a URL could contain a # hash mark.

>How-To-Repeat:
Build on a slow computer :)
>Fix:
Please check the following. I did change the formatting a little.
Notice it also skips blank lines.

diff -b -u -r1.1173 bsd.pkg.mk
--- mk/bsd.pkg.mk	2003/04/29 14:34:19	1.1173
+++ mk/bsd.pkg.mk	2003/04/29 17:21:33
@@ -1408,7 +1408,10 @@
 check-vulnerable:
 	@if [ -f ${PKGVULNDIR}/vulnerabilities ]; then			\
 		${SETENV} PKGNAME="${PKGNAME}"				\
-			${AWK} '/#.*/ { next }				\
+		${SETENV} PKGBASE="${PKGBASE}"				\
+		${AWK} '/^$$/ { next }					\
+			/^#.*/ { next }					\
+			($$1 !~ ENVIRON["PKGBASE"]) { next }		\
 				{ s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ECHO} \"*** WARNING - %s vulnerability in %s - see %s for more information ***\"", $$1, ENVIRON["PKGNAME"], $$2, ENVIRON["PKGNAME"], $$3); system(s); }' < ${PKGVULNDIR}/vulnerabilities || ${FALSE}; \
 	fi
 
>Release-Note:
>Audit-Trail:
>Unformatted: