pkg/42172: pkgtools/lintpkgsrc contains incorrect path to pkg-vulnerabilities file (plus: no internal version check available)

[bughunting%xs4all.nl@localhost]

>Number:         42172
>Category:       pkg
>Synopsis:       pkgtools/lintpkgsrc contains incorrect path to 
>pkg-vulnerabilities file (plus: no internal version check available)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 11 13:15:00 +0000 2009
>Originator:     Bug Hunting
>Release:        
>Organization:
>Environment:
>Description:
pkgtools/lintpkgsrc (version 4.82, from pkgsrc-current) uses an incorrect 
(outdated) path to the pkg-vulnerabilities file, which is also mentioned in its 
manpage.

On a sidenote, the program has no ability to check its own version number, the 
way pkgtools/pkglint has (`-V' or `--version').  Perhaps this has been left out 
purposely though, and `-V' is in use already as well.  However, for example, 
`-v' or `--version' (being the first option with two dashes, though) could 
optionally be used for this.  To add this functionality, the `-V|--version' 
code from pkgtools/pkglint could be used as a base.
>How-To-Repeat:
$ lintpkgsrc -V
Unable to open '/usr/pkgsrc/distfiles/pkg-vulnerabilities': No such file or 
directory


Also:

"man lintpkgsrc | less -ppkg-vulnerabilities"
>Fix:
No complete fix provided, but the following files should be altered / 
regenerated:

pkgtools/pkglint/files/lintpkgsrc.pl (line 135, at the least)
pkgtools/pkglint/files/lintpkgsrc.1 (line 163)
pkgtools/pkglint/files/lintpkgsrc.0 (should be regenerated)
pkgtools/pkglint/files/makevars.map (unsure, but mentions `PKGVULNDIR')