misc/116115: Bug in portaudit: it does not handle packagenames with ,
Remko Lodder
remko at FreeBSD.org
Wed Sep 5 04:30:07 PDT 2007
The following reply was made to PR misc/116115; it has been noted by GNATS.
From: Remko Lodder <remko at FreeBSD.org>
To: Klavs Klavsen <klavs at EnableIT.dk>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: misc/116115: Bug in portaudit: it does not handle packagenames with ,
Date: Wed, 05 Sep 2007 13:26:24 +0200
Klavs Klavsen wrote:
>> Number: 116115
>> Category: misc
>> Synopsis: Bug in portaudit: it does not handle packagenames with ,
>> Confidential: no
>> Severity: critical
>> Priority: high
>> Responsible: freebsd-bugs
>> State: open
>> Quarter:
>> Keywords:
>> Date-Required:
>> Class: sw-bug
>> Submitter-Id: current-users
>> Arrival-Date: Wed Sep 05 10:20:01 GMT 2007
>> Closed-Date:
>> Last-Modified:
>> Originator: Klavs Klavsen
>> Release: FreeBSD-6.2
>> Organization:
> EnableIT
>> Environment:
> FreeBSD tomcat5-ny.telmore.dk 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007 root at dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP i386
>
>> Description:
> Hi guys,
>
> I was just testing portaudit on FreeBSD 6.2.
>
> I have mod_jk-1.2.19,1 installed.
>
> a portaudit -Fda does not show it's vulnerable to anything.
>
> However - it really is, and it's in the vulndb as well.
>
> If I rename mod_jk-1.2.19,1 to mod_jk-1.2.19 a portaudit -Fda (or just -a)
> says it's vulnerable.
>
> So the conclusion is that portaudit's "version number" matching doesn't
> seem to handle ,'s all that well.
>> How-To-Repeat:
> rename mod_jk to mod_jk-1.2.19,1 and see it NOT work.
>> Fix:
>
>
Actually you are incorrect, strictly seen. You are correct that there is
a problem though :-). Portaudit handles the ,\d perfectly, though
PORTEPOCH (as the ,\d is called) makes version handling very different.
If a port has PORTEPOCH, this is always 'newer' than any other version
available. This is to make sure we can roll back from a newer version.
I fixed this in the vuxml document seconds ago.
Thanks for noting this!
Cheers
remko
--
Kind regards,
Remko Lodder ** remko at elvandar.org
FreeBSD ** remko at FreeBSD.org
/* Quis custodiet ipsos custodes */
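
The PORTEPOCH ordering described in the reply above, as an added example that is not part of the original message and is not portaudit's own code: it shows why a vulnerability entry whose upper bound lacks the epoch misses `mod_jk-1.2.19,1` but matches the renamed `mod_jk-1.2.19`. The bound `1.2.21` is constructed for illustration, and the comparison is a simplified model that handles only numeric dotted versions.

```python
import re

# Simplified model of version[_PORTREVISION][,PORTEPOCH]; numeric dotted versions only.
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?")


def version_key(version):
    """Return a sort key in which PORTEPOCH outranks version and revision."""
    m = _VERSION_RE.fullmatch(version)
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    dotted, revision, epoch = m.groups()
    parts = tuple(int(p) for p in dotted.split("."))
    # A missing epoch or revision counts as 0.
    return (int(epoch or 0), parts, int(revision or 0))


def is_affected(installed_pkg, vuln_name, lt_bound):
    """True if installed_pkg is vuln_name at a version strictly below lt_bound."""
    name, _, version = installed_pkg.rpartition("-")
    return name == vuln_name and version_key(version) < version_key(lt_bound)


def demo():
    # Constructed bounds; the real VuXML entry is not quoted in the message.
    cases = [
        ("mod_jk-1.2.19,1", "1.2.21"),    # bound lacks the epoch: no match
        ("mod_jk-1.2.19,1", "1.2.21,1"),  # bound carries the epoch: match
        ("mod_jk-1.2.19", "1.2.21"),      # package renamed without epoch: match
    ]
    return [is_affected(pkg, "mod_jk", bound) for pkg, bound in cases]


if __name__ == "__main__":
    print(demo())
```
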