ports/76191: portaudit target, check-vulnerable, takes inordinate amounts of time

Anton Berezin tobez at FreeBSD.org
Thu Jan 13 09:00:40 UTC 2005


>Number:         76191
>Category:       ports
>Synopsis:       portaudit target, check-vulnerable, takes inordinate amounts of time
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 13 09:00:38 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Anton Berezin
>Release:        FreeBSD 5.3-STABLE amd64
>Organization:
>Environment:
>Description:

Every time check-vulnerable is invoked, it runs pkg_version -T against
every non-comment line in the audit file.  As more and more
vulnerabilities are discovered, any port build (even make fetch) takes
longer.

Currently there are 912 non-comment lines in the audit file, so it takes
a while even on a fast machine.

This was discovered, discussed, and patched up by Valentin Nechayev
<netch at netch.kiev.ua> and myself.

>How-To-Repeat:
Install portaudit, go to any port, type make fetch and observe the
slow-down.
>Fix:

--- bsd.port.mk	Fri Dec 31 19:23:43 2004
+++ /tmp/bsd.port.mk	Wed Jan 12 23:12:18 2005
@@ -2953,8 +2953,8 @@ check-vulnerable:
 		if [ "$$audit_created" -lt "$$audit_expiry" ]; then \
 			${ECHO_MSG} "===>  WARNING: Vulnerability database out of date, checking anyway"; \
 		fi; \
-		vlist=`${_EXTRACT_AUDITFILE} | ${AWK} -F\| ' \
-			/^[^#]/ { \
+		vlist=`${_EXTRACT_AUDITFILE} | ${GREP} "${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}" | \
+			${AWK} -F\| ' /^[^#]/ { \
 				if (!system("${PKG_VERSION} -T \"${PKGNAME}\" \"" $$1 "\"")) \
 					print "=> " $$3 ".\n   Reference: <" $$2 ">" \
 			} \
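
Review bot: The new `${GREP} "${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}"` stage can hide a vulnerable entry, because it only keeps lines containing that exact string, while the awk body still hands `$$1` to `${PKG_VERSION} -T` as a pattern to test `${PKGNAME}` against. Any audit line whose first field would match the package without spelling out the full prefixed and suffixed name is dropped before it is tested, and check-vulnerable then reports nothing for it. Before committing, please confirm that every entry in the audit file contains the literal name, or document this variant as a speed-up that may skip such entries. The grep is also unanchored, so it matches the reference and description fields (`$$2`, `$$3`) as well as `$$1`; that only costs extra `pkg_version` calls, but filtering on `$$1` inside the existing awk program would avoid both that and the extra process.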

Alternative, less strict variant:

--- bsd.port.mk	Fri Dec 31 19:23:43 2004
+++ /tmp/bsd.port.mk	Wed Jan 12 23:12:18 2005
@@ -2953,8 +2953,8 @@ check-vulnerable:
 		if [ "$$audit_created" -lt "$$audit_expiry" ]; then \
 			${ECHO_MSG} "===>  WARNING: Vulnerability database out of date, checking anyway"; \
 		fi; \
-		vlist=`${_EXTRACT_AUDITFILE} | ${AWK} -F\| ' \
-			/^[^#]/ { \
+		vlist=`${_EXTRACT_AUDITFILE} | ${GREP} "${PORTNAME}" | \
+			${AWK} -F\| ' /^[^#]/ { \
 				if (!system("${PKG_VERSION} -T \"${PKGNAME}\" \"" $$1 "\"")) \
 					print "=> " $$3 ".\n   Reference: <" $$2 ">" \
 			} \
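
Review bot: In this variant `${GREP} "${PORTNAME}"` is a substring match over the whole line, and the name is interpreted as a regular expression rather than a fixed string. A short or common PORTNAME will therefore match many unrelated lines through their description or reference fields, giving back much of the saving, and a name containing regex metacharacters is matched more loosely than written. Consider doing the test in the awk program on the first field only, for example with `index($$1, "${PORTNAME}")`, and add a comment above the pipeline stating that this stage is only a prefilter and that `${PKG_VERSION} -T` remains the authoritative check.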

Both variants work.  The second potentially produces more lines for
pkg_version consideration.
>Release-Note:
>Audit-Trail:
>Unformatted:


