Subject: Re: Speeding up the vulnerabilities check
To: Roland Illig <roland.illig@gmx.de>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-pkg
Date: 02/27/2005 14:12:45

On Sun, Feb 27, 2005 at 03:25:50AM +0100, Roland Illig wrote:
> Hi all,
> 
> I was bored by waiting 5 (NetBSD) to 15 (Solaris) seconds on the 
> check-vulnerable target to finish, so I wrote a replacement for it. May 
> I integrate it into pkgsrc if I document it properly?
> 
> Before the patch, one pkg_admin(8) process is spawned for every line in
> pkg-vulnerabilities. There are almost 1000 lines now, and the number is 
> monotonically increasing. After the patch, pkg_admin(8) is just called once.

I like your patch, but I thought I'd tackle the problem at source, the
way it used to be done.

I took smb's suggestion, and added a check in for a metacharacter in the
"skip" case, which makes things a lot faster for me, and restores the
previous behaviour of only running a pkg_admin check if the PKGBASE is
the vulnerable pattern, or if there's a metacharacter in the pattern.

Further testing is needed - hence this mail.

Regards,
Alistair

Index: bsd.pkg.mk
===================================================================
RCS file: /cvsroot/pkgsrc/mk/bsd.pkg.mk,v
retrieving revision 1.1595
diff -u -r1.1595 bsd.pkg.mk
--- bsd.pkg.mk	25 Feb 2005 13:05:52 -0000	1.1595
+++ bsd.pkg.mk	27 Feb 2005 14:08:56 -0000
@@ -1390,6 +1390,7 @@
 			  PKGBASE="${PKGBASE}"				\
 			${AWK} '/^$$/ { next }				\
 				/^#.*/ { next }				\
+				$$1 !~ ENVIRON["PKGBASE"] && $$1 !~ /\{/ { next } \
 				{ s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ECHO} \"*** WARNING - %s vulnerability in %s - see %s for more information ***\"", $$1, ENVIRON["PKGNAME"], $$2, ENVIRON["PKGNAME"], $$3); system(s); }' < ${PKGVULNDIR}/pkg-vulnerabilities || ${FALSE}; \
 	fi
 
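
Review bot: On the added line, `$$1 !~ ENVIRON["PKGBASE"]` treats PKGBASE as a dynamic regular expression rather than a literal string, so a package name containing regex operators such as `+` or `.` is not compared literally and the skip decision can differ from what the name suggests; a literal test such as `index($$1, ENVIRON["PKGBASE"]) == 0` would avoid that. The fallback `$$1 !~ /\{/` only keeps patterns that contain a brace; if patterns in pkg-vulnerabilities can carry other glob characters in the name part (`[`, `*`, `?`), those entries are skipped without ever reaching `pmatch`, so either widen that test or add a comment stating why brace alternation is the only case that needs it.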

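The pre-filter described in this message, as an added example that is not part of the original mail or of pkgsrc: it counts how many patterns would still be handed to `pkg_admin pmatch` for a given PKGBASE. The function names and the sample entries are constructed, and PKGBASE is compared literally with `index()`, which is an assumption that differs from the regex match in the posted patch.

```shell
#!/bin/sh
# Constructed sample in the pkg-vulnerabilities layout: pattern, type, URL.
sample_vulns() {
cat <<'EOF'
# comment line

apache<1.3.33	remote-code-execution	http://example.org/apache
gtk+<1.2.10	denial-of-service	http://example.org/gtk
{ap13,apache}-ssl<1.48	remote-code-execution	http://example.org/ssl
php<4.3.10	remote-code-execution	http://example.org/php
png<1.2.8	denial-of-service	http://example.org/png
EOF
}

# candidates PKGBASE: read vulnerability lines on stdin and print the
# patterns that still need a pmatch call. PKGBASE is matched as a literal
# substring (assumption: not the regex match used in the posted patch), so a
# name such as "gtk+" is not interpreted as a regular expression. Patterns
# with a brace are always kept, because the brace alternation may expand to
# the package name.
candidates() {
	PKGBASE="$1" awk '
		/^$/ { next }    # skip blank lines
		/^#/ { next }    # skip comments
		index($1, ENVIRON["PKGBASE"]) == 0 && index($1, "{") == 0 { next }
		{ print $1 }'
}

# spawn_count PKGBASE: number of pkg_admin processes the filter leaves for
# the constructed sample above.
spawn_count() {
	sample_vulns | candidates "$1" | wc -l | tr -d ' '
}

# Demonstration over the constructed sample (5 patterns in total).
for p in apache gtk+ zlib; do
	echo "$p: $(spawn_count "$p") of 5 patterns reach pkg_admin"
done
```
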