pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/36662: pkgtools/pkg_install's audit_packages appears to be platform-specific
>Number: 36662
>Category: pkg
>Synopsis: pkgtools/pkg_install's audit_packages appears to be
>platform-specific
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Jul 17 15:25:00 +0000 2007
>Originator: Stuart Shelton
>Release: n/a
>Organization:
>Environment:
IRIX64 octane 6.5 07202013 IP30
>Description:
I've spotted two problems with pkgtools/pkg_install-20070715:
In audit_pacakges.c:
Line 44
'#include <err.h>' is no good on platforms which lack err.h
Correcting this to '#include <nbcompat/err.h>' works.
Line 771
't_pvfile = pvstat.st_ctimespec.tv_sec;' is odd, because I can't find any
stat() implementation which returns a 'st_ctimespec' struct (this seems to be
entirely *BSD specific)! Changing this to 't_pvfile = pvstat.st_ctime;' allows
the code to compile - but I'm not sure it will do what the author intended.
Further bugs in audit_packages:
Currently, 'pkg-vulnerabilities' is downloaded to '/usr/bsd/src/distfiles/'.
Even if I pass the '-K' flag to audit_packages, it only appears to look in
'/usr/bsd/var/db/pkg/'.
If I use the '-v' flag, the output is:
"/usr/bsd/var/db/pkg/pkg-vulnerabilities more than a week old, continuing...
audit-packages: Unable to open: /usr/bsd/var/db/pkg/pkg-vulnerabilities"
... so the code (admittedly, affected by the about change) is calling stat() on
a file which doesn't exist before checking if it exists.
If I use '-vv' then I always get:
"Reading settings from: /usr/bsd/etc/audit-packages.conf
debug2: Using PKGDB_DIR: /usr/bsd/var/db/pkg
debug2: Using pkg-vulnerabilities file: /usr/bsd/var/db/pkg/pkg-vulnerabilities
debug2: Using verify tool: /usr/bsd/bin/gpg
debug2: Using ignore directives: Segmentation fault (core dumped)"
... upon which dbx says:
"Core from signal SIGSEGV: Segmentation violation
(dbx) where
> 0 strlen(0x0, 0x2, 0xfb55d08, 0xfb55d10, 0xfb4fbc8, 0x0, 0x1, 0x0)
> ["/xlv52/patches/7143/work/irix/lib/libc/libc_n32_M4/strings/strlen.s":58,
> 0xfa43040]
1 _doprnt_s(0x1, 0xfb4fbe8, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0)
["/xlv52/patches/7143/work/irix/lib/libc/libc_n32_M4/print/inline_doprnt.c":486,
0xfaac360]
2 <Unknown>() [< unknown >, 0x10004b34]"
This appears to be because IRIX' libc (in common with some other UNIX
platforms?) can't seem to handle a NULL argument to *printf().
The fix would appear to be to insert 'if (ignore != NULL)' before line 311.
Finally, running download-vulnerability-list results in audit-packages dying
with a Bus Error on lines 172 and 173.
Running this through a debugger, the fault occurs on line 702 of libnbcompat's
sha2.c in the function SHA512_Transform
audit-packages from pkg_install-20070416 works perfectly.
>How-To-Repeat:
Attempt to install pkg_install-20070715, attempt to compile on non-NetBSD
platform; attempt to use audit-packages.
>Fix:
Reverting to pkg_install-20070416 seems to be the best fix - this compiles
cleanly first-time, and audit-packages works just fine and doesn't segfault.
Home |
Main Index |
Thread Index |
Old Index