Date: Tue, 7 Feb 2006 13:26:45 +0800 (CST) From: Kuang-che Wu <kcwu@csie.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: secteam@FreeBSD.org Subject: ports/92942: [PATCH] security/portaudit: update to 0.5.11 Message-ID: <200602070526.k175QjH4025891@kcwu.csie.org> Resent-Message-ID: <200602070530.k175UDNh060849@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 92942
>Category: ports
>Synopsis: [PATCH] security/portaudit: update to 0.5.11
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 07 05:30:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Kuang-che Wu
>Release: FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD kcwu.csie.org 7.0-CURRENT FreeBSD 7.0-CURRENT #4: Tue Jan 31 18:53:51 CST 2006
>Description:
portaudit invoke pkg_info more than two thousand times. Wastes lots of time to fork
processes for non-installed packages.
This patch try to avoid unnecessary invokes of pkg_info.
There are two assumtion in this patch:
1. package version number has no dash(-) characters.
2. portaudit db use only [<=>!] to indicate version, and [{}*?] are the only
special characters.
If there is no special characters (for shell expansion), this patch will check
whether the package is installed or not by precalculated regex.
If the package is not installed, further pkg_info call will be skip.
In my system with 439 ports installed, the original portaudit time:
$ time portaudit
real 0m41.749s
user 0m11.861s
sys 0m26.134s
$ time portaudit
real 0m4.719s
user 0m1.998s
sys 0m2.617s
(Note it invoked pkg_info 220 times.)
Port maintainer (secteam@FreeBSD.org) is cc'd.
Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:
--- portaudit-0.5.11.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/portaudit/Makefile /files/home/kcwu/work/ports/x/security/portaudit/Makefile
--- /usr/ports/security/portaudit/Makefile Mon Aug 1 09:38:55 2005
+++ /files/home/kcwu/work/ports/x/security/portaudit/Makefile Tue Feb 7 10:20:42 2006
@@ -6,7 +6,7 @@
#
PORTNAME= portaudit
-PORTVERSION= 0.5.10
+PORTVERSION= 0.5.11
CATEGORIES= security
DISTFILES=
@@ -35,6 +35,7 @@
-e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
-e "s|%%REQPKGVER%%|${REQPKGVER}|g" \
-e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \
+ -e "s|%%PKG_DBDIR%%|${PKG_DBDIR}|g" \
.include <bsd.port.pre.mk>
diff -ruN --exclude=CVS /usr/ports/security/portaudit/files/portaudit-cmd.sh /files/home/kcwu/work/ports/x/security/portaudit/files/portaudit-cmd.sh
--- /usr/ports/security/portaudit/files/portaudit-cmd.sh Sat Jul 9 10:22:25 2005
+++ /files/home/kcwu/work/ports/x/security/portaudit/files/portaudit-cmd.sh Tue Feb 7 10:14:43 2006
@@ -131,6 +131,8 @@
local osversion=`sysctl -n kern.osreldate`
fixedre=`echo -n $portaudit_fixed | tr -c '[:alnum:]- \t\n' 'x' | tr -s ' \t\n' '|'`
+ #installedre=`$pkg_info | sed -e 's/-[^-]* .*$//g' | paste -s -d '|' -`
+ installedre=`cd %%PKG_DBDIR%% && ls | sed -e 's/-[^-]*$//g' | paste -s -d '|' -`
extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"'
BEGIN { vul=0; fixedre="'"$fixedre"'" }
@@ -143,6 +145,9 @@
"To disable this check add the uuid to \`portaudit_fixed'"'"' in %%PREFIX%%/etc/portaudit.conf")
}
next
+ }
+ $1 ~ /^[^{}*?]*[<=>!]/ {
+ if ($1 !~ "^('"$installedre"')[<=>!]") next;
}
{
cmd="'"$pkg_info"' -E \"" $1 "\""
--- portaudit-0.5.11.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602070526.k175QjH4025891>