bsd.port.mk does a simple parsing of portaudit's output to determine if there is a vulnerability in a port. portaudit is called using "-X 14", which means that if the portaudit database is older than 14 days (which happens easily on workstations that are turned off at night or deliberately not using the daily portaudit job periodic script) portaudit produces output that is not expected and leads to wrongfully reporting the port as wrong.

"*portnameXYZ* has known vulnerabilities"

Fix: In a perfect world it would be best to make sure that portaudit has well defined exit codes for all possible scenarios. Given the "fuzzy" nature of the scripts involved I wrote a small and simple patch that just reinvokes portaudit a second time in case a problem has been reported. So if a refetch (or another temporary problem) caused the error it will succeed on a second attempt, while a correctly detected vulnerability will be detected a second time as well.

Patch attached with submission follows:

How-To-Repeat: Install a port on a machine that uses a more than 14 days old portaudit database.
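The false positive described in this report, and the effect of a second invocation, as an added example (not code from the PR or from bsd.port.mk). `fake_portaudit` is a hypothetical stub and every line it prints is constructed; only the grep filter is the one bsd.port.mk applies.

```shell
#!/bin/sh
# Hypothetical stand-in for portaudit; all of its output is constructed.
# With a "stale" database the first call also prints a refresh notice,
# which is the unexpected output the report describes.
STATE_DIR=$(mktemp -d)

fake_portaudit() {  # $1 = package name
    if [ ! -e "$STATE_DIR/refreshed" ]; then
        : > "$STATE_DIR/refreshed"
        echo "database refreshed (constructed message)"
    fi
    case "$1" in
        vuln-*) echo "Affected package: $1 (constructed)"
                echo "1 problem(s) found." ;;
        *)      echo "0 problem(s) found." ;;
    esac
}

# Same filter as check-vulnerable: drop the summary line, keep the rest.
audit_once() {
    fake_portaudit "$1" 2>&1 | grep -vE '^[0-9]+ problem\(s\) found.' || true
}

# Logic before the fix: any remaining output marks the port as vulnerable.
check_original() {
    vlist=$(audit_once "$1")
    if [ -n "$vlist" ]; then echo vulnerable; else echo clean; fi
}

# Logic with the retry: only output that survives a second run counts.
check_with_retry() {
    vlist=$(audit_once "$1")
    if [ -n "$vlist" ]; then vlist=$(audit_once "$1"); fi
    if [ -n "$vlist" ]; then echo vulnerable; else echo clean; fi
}

# Put the stub back into the "database older than 14 days" state.
stale_db() { rm -f "$STATE_DIR/refreshed"; }

stale_db; echo "original, stale db, clean port: $(check_original clean-1.0)"
stale_db; echo "retry, stale db, clean port:    $(check_with_retry clean-1.0)"
stale_db; echo "retry, stale db, affected port: $(check_with_retry vuln-2.0)"
```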
Responsible Changed From-To: freebsd-ports-bugs->portmgr bsd.port.mk is portmgr territory (via the GNATS Auto Assign Tool)
State Changed From-To: open->closed Close per maintainer request
Since this has been closed "upon maintainer request", but without any comment/resolution from portmgr: Applying the patch would have been a matter of minutes, but nobody seems to have the time for it. The problem still exists, but will probably be irrelevant due to pkgng in a few years from now. -- Michael Gmelin
Sorry, I misunderstood your mail, and I also made a typo while closing: I sent "per maintainer request" instead of "per submitter request". I'll apply the patch now that I have reviewed it :) Sorry about that. regards, Bapt
Author: bapt Date: Sun Jan 5 01:16:34 2014 New Revision: 338729 URL: http://svnweb.freebsd.org/changeset/ports/338729 Log: Reinvokes portaudit a second time in case a problem has been reported. So if a refetch (or another temporary problem) caused the error it will succeed on a second attempt, while a correctly detected vulnerability will be detected a second time. PR: ports/168479 Submitted by: Michael Gmelin <freebsd@grem.de> Modified: head/Mk/bsd.port.mk Modified: head/Mk/bsd.port.mk ============================================================================== --- head/Mk/bsd.port.mk Sun Jan 5 01:06:11 2014 (r338728) +++ head/Mk/bsd.port.mk Sun Jan 5 01:16:34 2014 (r338729) @@ -3338,6 +3338,11 @@ check-vulnerable: vlist=`${LOCALBASE}/sbin/portaudit -X 14 "${PKGNAME}" \ 2>&1 | grep -vE '^[0-9]+ problem\(s\) found.' \ || true`; \ + if [ -n "$$vlist" ]; then \ + vlist=`${LOCALBASE}/sbin/portaudit -X 14 "${PKGNAME}" \ + 2>&1 | grep -vE '^[0-9]+ problem\(s\) found.' \ + || true`; \ + fi ; \ else \ ${ECHO_MSG} "===> portaudit database exists, however, portaudit is not installed!"; \ fi; \ _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
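Review bot: In the added `if [ -n "$$vlist" ]` block the second run is judged by the same test as the first, so any non-empty output still counts as a vulnerability: `2>&1` folds portaudit's stderr into `vlist` and `|| true` discards the exit status, which means an error that repeats on the retry is still reported as a finding. Consider keeping stderr out of `vlist`, or matching only the lines portaudit prints for an affected package, instead of testing for non-empty output. The retry also copies the three-line invocation verbatim; holding the command in one shell variable would keep the two calls from drifting apart.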