From nobody Thu Mar 31 22:09:00 2022 X-Original-To: pkg@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id C5DF81A52E29 for ; Thu, 31 Mar 2022 22:09:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KTyBN3bYmz4mw1 for ; Thu, 31 Mar 2022 22:09:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5B67B2F6FB for ; Thu, 31 Mar 2022 22:09:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 22VM90J4090859 for ; Thu, 31 Mar 2022 22:09:00 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 22VM905T090858 for pkg@FreeBSD.org; Thu, 31 Mar 2022 22:09:00 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" From: bugzilla-noreply@freebsd.org To: pkg@FreeBSD.org Subject: maintainer-feedback requested: [Bug 262966] ports-mgmt/pkg: pkg can't recover from a corrupt vulnerability database. Date: Thu, 31 Mar 2022 22:09:00 +0000 X-Bugzilla-Type: request X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pkg@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? Message-ID: In-Reply-To: References: X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Binary package management and package tools discussion List-Archive: https://lists.freebsd.org/archives/freebsd-pkg List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pkg@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648764540; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=W2kwT+n2Gu2pPZBTMCTlcwJgQO4nIxUS5fvS5aSbLa0=; b=LPTbOh6zoNFRfPCjVJihTKLJupyAp7cyNAWQrBhKZnWh6K1lhX5qtDf3/8QRzXIj4O7KwT WIRsCH4UJ+sdg+ahqvMSZSAQIb/jSlqKl1p+DkjYvUCZml52NbRTsh06IMSL08ulhAv3SE HK6oTIsJItZd+8hwUC76wIJ49o/lf/apn1IWPhLGoarMVMUFcdJaHezXrKP468GU72fDRm efmGoyFBLYvu1oTdKx+qav4Nv2HtAAdPdi8BXEpbxni1NTMzAJNSpJAjLCctTYhyjJn10U XzbcyYs7k8ouhkCOfogpYpZEEf+eRkoJmX14erQO+rcDeHMP7gBw2osi+/+YBQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1648764540; a=rsa-sha256; cv=none; b=W2sNlPLMRCgp0Ycq2kt+fUQ7ChuIMvsnTuathI6Ft/GZF6bAH7dLTSNtmYaXtlldWBtjRF P8seyGQP1cPZ7V2+PAjnCUz3iMuqwNSZoFM5Vtt484W7/oiPL+yXK4y6nYhQJLFoe28TQn uEIR8WrlO0WIq5c9EqPQwUpZ2X/6Ar+Q6ChMJC1K5coT9cqG93i2qmnJoH+YU7Uzp/G0Hi YJA4keN/dYenZEwRSgTvXgY3CsrRYVTwrjEKSGQHw0ACIhQKjMUAis/BP82FO/5T729ulf yYDXHSx1nBA4rZ+VRxq8PODMV6ipghlWubmdebm1UyGBWU+0qIMHxycS2zme+g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N Bugzilla Automation has asked freebsd-pkg (Nobody) for maintainer-feedback: Bug 262966: ports-mgmt/pkg: pkg can't recover from a corrupt vulnerability database. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D262966 --- Description --- The lastest 410.pkg-audit run on one of my systems failed and reported: Checking for packages with security vulnerabilities: pkg: archive_read_data_into_fd((null)) failed: Lzma library error: Corrupted input data pkg: Invalid end of XML pkg: cannot process vulnxml Looking at /var/db/pkg/vuln.xml, it is obviously truncated but when I manua= lly run: $ sudo pkg audit -F it just reports that the database is up to date. Instead, I need to manual= ly remove the corrupt vuln.xml and then run "pkg audit -F". I would expect ei= ther an option to force a fetch or for "pkg audit" to verify the integrity of the existing database and re-fetch the database if it's corrupt.