NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

bin/38231: download-vulnerability-list -c option is broken

>Number:         38231
>Category:       bin
>Synopsis:       download-vulnerability-list -c option is broken
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Mar 12 14:50:00 +0000 2008
>Originator:     Jim Bernard
>Release:        NetBSD 4.99.49
System: NetBSD 4.99.49 Mon Jan 21 19:17:34 MST 2008 i386
Architecture: i386
Machine: i386
        The download-vulnerability-list script attempts to support the
        command-line option "-c config-file" to specify a config file
        other than the default /etc/audit-packages.conf.  But it processes
        the command-line arguments in a loop within which, while processing
        the "-c" flag, it stores the value of the following argument as the
        file name, but doesn't shift it off the list, so that on the next
        iteration that file name is processed as an option.  Since random
        file names aren't recognized as valid options, execution terminates.

        The bug is present in -current as of the date of this PR, not just
        the date of my last build.

        Read the script or (e.g.):

        % echo "PKGVULNDIR=/tmp" > /tmp/xxx.conf
        % download-vulnerability-list -c /tmp/xxx.conf

        The result is:

          Unknown option /tmp/xxx.conf
          Usage: download-vulnerability-list [-s] [-c config-file]
                -s : Verify the signature on the downloaded file.
                -c : Specify a custom configuration file to use.

        shift past the argument of -c:

---      2007-11-04 03:30:11.000000000 
+++   2008-03-12 08:30:03.000000000 -0600
@@ -69,10 +69,11 @@
+               shift
                usage "$0" "Unknown option $1"

Home | Main Index | Thread Index | Old Index