Subject: pkg/12763: download-vulnerability-list doesn't check for existance of vulnerabilities file
To: None <gnats-bugs@gnats.netbsd.org>
From: None <bsd@cs.ubc.ca>
List: netbsd-bugs
Date: 04/26/2001 11:51:42 
>Number:         12763
>Category:       pkg
>Synopsis:       download-vulnerability-list doesn't check for existance of vulnerabilities file
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Apr 26 11:52:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Brian de Alwis
>Release:        pkgsrc-current, audit-packages-1.7
>Organization:
>Environment:
System: NetBSD fifty 1.5 NetBSD 1.5 (GENERIC) #1: Sun Nov 19 21:42:11 MET 2000 fvdl@sushi:/work/trees/netbsd-1-5/sys/arch/i386/compile/GENERIC i386


>Description:
	The script for download-vulnerability-list assumes a vulnerabilities
	list already exists. If one doesn't, then the script barfs.

	$ rm /data/downloads/vulnerabilities 
	$ download-vulnerability-list
	Connected to ftp.netbsd.org.
	220-
	220 ftp.netbsd.org FTP server (NetBSD-ftpd 20010417) ready.
	331 Guest login ok, type your name as password.
	[...]
	221 Thank you for using the FTP service on ftp.netbsd.org.
	ls: /data/downloads/vulnerabilities: No such file or directory
	[: -lt: argument expected
	$ 

	As a result, the vulnerabilities file isn't updated.

>How-To-Repeat:
	
>Fix:
	I changed the script to do:

*** /usr/pkg/sbin/download-vulnerability-list   Thu Apr 26 11:49:58 2001
--- download-vulnerability-list Thu Apr 26 11:49:16 2001
***************
*** 10,21 ****
--- 10,23 ----
  EXIST_VUL_LIST=/data/downloads/vulnerabilities
  
  /usr/bin/ftp -o ${NEW_VUL_LIST} ${VUL_SOURCE}
+ if [ -f ${EXIST_VUL_LIST} ]; then
      existsize=`/bin/ls -l ${EXIST_VUL_LIST} | /usr/bin/awk '{ print $5 }'`
      newsize=`/bin/ls -l ${NEW_VUL_LIST} | /usr/bin/awk '{ print $5 }'`
      if [ $newsize -lt $existsize ]; then
            echo "New vulnerability list ($$newsize bytes) is smaller than existing list ($$existsize bytes)" 1>&2
            /bin/rm -f ${NEW_VUL_LIST}
            exit 1
+     fi
  fi
  
  /bin/mv -f ${NEW_VUL_LIST} ${EXIST_VUL_LIST}

>Release-Note:
>Audit-Trail:
>Unformatted: