NetBSD Problem Report #32353

From dauphin@enst.fr  Wed Dec 21 13:05:50 2005
Return-Path: <dauphin@enst.fr>
Received: from smtp2.enst.fr (revol1.enst.fr [137.194.32.27])
	by narn.netbsd.org (Postfix) with ESMTP id 1FAF463B976
	for <gnats-bugs@gnats.netbsd.org>; Wed, 21 Dec 2005 13:05:50 +0000 (UTC)
Message-Id: <1135170344.0@bi.enst.fr>
Date: Wed, 21 Dec 2005 14:05:44 +0100
From: "Gilles Dauphin" <dauphin@enst.fr>
To: "gnats bugs" <gnats-bugs@netbsd.org>
Subject: mk/bulk/upload lintpkgsrc upload vulnerable
X-Send-Pr-Version: gtk-send-pr 0.4.5 
X-GNATS-Notify:

>Number:         32353
>Category:       pkg
>Synopsis:       mk/bulk/upload lintpkgsrc upload vulnerable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dholland
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Dec 21 13:10:00 +0000 2005
>Last-Modified:  Tue Mar 26 19:55:44 +0000 2013
>Originator:     Gilles Dauphin
>Release:        SunOS 5.10 i86pc
>Organization:
ENST 
>Environment:


System: SunOS bi.enst.fr 5.10 Generic_118844-20 i86pc


>Description:


--------------does not work if distdir != /usr/pkgsrc/distfiles/ --------------
[root@u2 604] echo lintpkgsrc $lintpkgsrc_cache  -K $packages -P $pkgsrcdir -V
lintpkgsrc -K /usr/pkgsrc/packages -P /usr/pkgsrc -V
[root@u2 605] echo $DISTDIR
/cal/archives/pub/pkgsrc/distfiles
[root@u2 606] echo $distdir
/cal/archives/pub/pkgsrc/distfiles
[root@u2 607] lintpkgsrc $lintpkgsrc_cache  -K $packages -P $pkgsrcdir -V
Unable to open 'pkg-vulnerabilities': No such file or directory
[root@u2 608]
------------------------- work with -M $distdir --------------------
[root@u2 609] lintpkgsrc $lintpkgsrc_cache -M $distdir -K $packages -P $pkgsrcdir -V 
Scanning Makefiles: ........
etc....


>How-To-Repeat:


sh mk/bulk/upload with distfiles != /usr/pkgsrc/distfiles


>Fix:


diff -bu upload.orig upload
--- upload.orig Thu Jul 28 02:37:43 2005
+++ upload      Wed Dec 21 13:56:11 2005
@@ -94,10 +94,10 @@
 echo "Checking for restricted and out of date packages:"
 # -p  =  report old versions of packages
 # -R  =  report restricted packages
-lintpkgsrc $lintpkgsrc_cache -K $packages -P $pkgsrcdir -pR  | sed 's@'$packages'/@@' > "$exf"
+lintpkgsrc $lintpkgsrc_cache -M $distdir -K $packages -P $pkgsrcdir -pR  | sed 's@'$packages'/@@' > "$exf"

 echo "Checking for vulnerable packages:"
-lintpkgsrc $lintpkgsrc_cache -K $packages -P $pkgsrcdir -V  | sed 's@'$packages'/@@' > "$vf"
+lintpkgsrc $lintpkgsrc_cache -M $distdir -K $packages -P $pkgsrcdir -V  | sed 's@'$packages'/@@' > "$vf"

 RSFLAGS="-vap --progress $RSYNC_OPTS"




>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->grant
Responsible-Changed-By: recht@netbsd.org
Responsible-Changed-When: Thu, 22 Dec 2005 12:25:28 +0000
Responsible-Changed-Why:
Over to responsible person.


Responsible-Changed-From-To: grant->pkg-manager
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Sun, 21 Mar 2010 15:54:12 +0000
Responsible-Changed-Why:
Back to role account, grant lost his commit bit.


From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: pkg/32353 (mk/bulk/upload lintpkgsrc upload vulnerable)
Date: Sun, 21 Mar 2010 17:28:00 +0100

 Is this still relevant now that the vulnerable filtering is no longer
 done?

 Joerg

From: David Holland <dholland-pbugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: pkg/32353 (mk/bulk/upload lintpkgsrc upload vulnerable)
Date: Tue, 23 Mar 2010 18:36:11 +0000

 On Sun, Mar 21, 2010 at 04:30:04PM +0000, Joerg Sonnenberger wrote:
  >  Is this still relevant now that the vulnerable filtering is no longer
  >  done?

 One of the checks the patch adjusts is for restricted packages.

 I don't see why lintpkgsrc should need to know where the distfiles are
 to do either of those checks, but it certainly shouldn't do any harm.

 It seems like a reasonable change to apply as a precaution anyway...

 -- 
 David A. Holland
 dholland@netbsd.org

Responsible-Changed-From-To: pkg-manager->dholland
Responsible-Changed-By: bsiegert@NetBSD.org
Responsible-Changed-When: Tue, 26 Mar 2013 19:55:44 +0000
Responsible-Changed-Why:
David, you spoke in favor of applying this, please go ahead.


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.