Hi,
I have some machines on which, for various reasons, only ports are used. On upgrading ports, I keep running into the fact that /var/db/pkg/vuln.xml is lagging behind /usr/ports/security/vuxml/vuln.xml which is updated via portsnap (and thus upgrading the vulnerable ports fails).

So I'd like to propose defaulting to vuln.xml from ports if it is newer than the one from /var/db/pkg/ and AUDITFILE is not defined by the user.

Tentative patch attached (I'm not happy with the != construct).

--
IOnut - Un^d^dregistered ;) FreeBSD "user"
"Intellectual Property" is nowhere near as valuable as "Intellect"
FreeBSD committer -> ite...@freebsd.org, PGP Key ID 29597D20

Index: bsd.port.mk =================================================================== --- bsd.port.mk (revision 392405) +++ bsd.port.mk (working copy) @@ -2970,14 +2970,15 @@ # Check if the port is listed in the vulnerability database -AUDITFILE?= ${PKG_DBDIR}/vuln.xml -_EXTRACT_AUDITFILE= ${CAT} "${AUDITFILE}" +_AUDITFILE!= ${TEST} ${PORTSDIR}/security/vuxml/vuln.xml -nt ${PKG_DBDIR}/vuln.xml && \ + ${ECHO} ${PORTSDIR}/security/vuxml/vuln.xml || ${ECHO} ${PKG_DBDIR}/vuln.xml +AUDITFILE?= ${_AUDITFILE} check-vulnerable: .if !defined(DISABLE_VULNERABILITIES) && !defined(PACKAGE_BUILDING) @if [ -f "${AUDITFILE}" ]; then \ if [ -x "${PKG_BIN}" ]; then \ - vlist=`${PKG_BIN} audit "${PKGNAME}" || :`; \ + vlist=`${PKG_BIN} audit -f ${AUDITFILE} "${PKGNAME}" || :`; \ if [ "$${vlist}" = "0 problem(s) in the installed packages found." ]; then \ vlist=""; \ fi; \
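
Review bot: The '_AUDITFILE!=' assignment at the top of the hunk forks a shell every time bsd.port.mk is parsed, including when the user has already set AUDITFILE or when DISABLE_VULNERABILITIES is defined, so every make invocation in every port pays for a comparison whose result may never be used. Consider wrapping the assignment in '.if !defined(AUDITFILE)' or moving the '-nt' comparison into the check-vulnerable shell script, where it only runs when the audit actually runs. On the 'pkg audit' line, '-f ${AUDITFILE}' is unquoted while the '[ -f "${AUDITFILE}" ]' test two lines above quotes it; use '-f "${AUDITFILE}"' so a path containing spaces is passed as one argument. The hunk also removes '_EXTRACT_AUDITFILE', so confirm nothing outside the visible lines still references it. Finally, '-nt' compares modification times, which record when each copy was last written on this machine rather than which database has the more recent entries; a comment next to the assignment stating that assumption would help the next reader.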