NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
bin/38231: download-vulnerability-list -c option is broken
>Number: 38231
>Category: bin
>Synopsis: download-vulnerability-list -c option is broken
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Mar 12 14:50:00 +0000 2008
>Originator: Jim Bernard
>Release: NetBSD 4.99.49
>Organization:
>Environment:
System: NetBSD 4.99.49 Mon Jan 21 19:17:34 MST 2008 i386
Architecture: i386
Machine: i386
>Description:
The download-vulnerability-list script attempts to support the
command-line option "-c config-file" to specify a config file
other than the default /etc/audit-packages.conf. But it processes
the command-line arguments in a loop within which, while processing
the "-c" flag, it stores the value of the following argument as the
file name, but doesn't shift it off the list, so that on the next
iteration that file name is processed as an option. Since random
file names aren't recognized as valid options, execution terminates.
The bug is present in -current as of the date of this PR, not just
the date of my last build.
>How-To-Repeat:
Read the script or (e.g.):
% echo "PKGVULNDIR=/tmp" > /tmp/xxx.conf
% download-vulnerability-list -c /tmp/xxx.conf
The result is:
Unknown option /tmp/xxx.conf
Usage: download-vulnerability-list [-s] [-c config-file]
-s : Verify the signature on the downloaded file.
-c : Specify a custom configuration file to use.
>Fix:
shift past the argument of -c:
--- download-vulnerability-list.sh.in-dist 2007-11-04 03:30:11.000000000
-0700
+++ download-vulnerability-list.sh.in 2008-03-12 08:30:03.000000000 -0600
@@ -69,10 +69,11 @@
verify=yes
;;
-c)
custom_conf=yes
local_conf="$2"
+ shift
;;
*)
usage "$0" "Unknown option $1"
esac
shift
Home |
Main Index |
Thread Index |
Old Index