pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/35024: audit-packages(8) enhancement



>Number:         35024
>Category:       pkg
>Synopsis:       audit-packages(8) enhancement
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 09 17:15:00 +0000 2006
>Originator:     Jukka Salmi
>Release:        pkgsrc HEAD
>Description:
When using audit-packages' -p option the specified package name is
required to include the full version number. E.g. running
`audit-packages -p php' doesn not output any vulnerabilities even
though a vulnerable PHP package is installed; however, explicitly
specifying the php packages' version number makes this work:

$ audit-packages -p php-4.4.4nb3
Package php-4.4.4nb3 has a [...]

It would be nice if it wouldn't be required to specify the packages'
version number. IMHO this would be also more consistent with pkg_info(1)
usage.
>How-To-Repeat:
see above
>Fix:
Index: files/audit-packages
===================================================================
RCS file: /cvsroot/pkgsrc/security/audit-packages/files/audit-packages,v
retrieving revision 1.28
diff -u -p -r1.28 audit-packages
--- files/audit-packages        5 Oct 2006 14:26:42 -0000       1.28
+++ files/audit-packages        9 Nov 2006 16:51:52 -0000
@@ -197,8 +197,9 @@ while read pat type url; do
                vulnpkgs=`@PKG_TOOLS_BIN@/pkg_info -e "$pat"`
        else
                vulnpkgs=
-               if `@PKG_TOOLS_BIN@/pkg_admin pmatch "$pat" "$one_package"` ; 
then
-                       vulnpkgs=$one_package
+               one_pkg=`@PKG_TOOLS_BIN@/pkg_info -e "$one_package"`
+               if `@PKG_TOOLS_BIN@/pkg_admin pmatch "$pat" "$one_pkg"` ; then
+                       vulnpkgs=$one_pkg
                fi
        fi
        for pkg in $vulnpkgs ; do




Home | Main Index | Thread Index | Old Index