Date: Thu, 31 Mar 2022 22:09:00 +0000 From: bugzilla-noreply@freebsd.org To: pkg@FreeBSD.org Subject: maintainer-feedback requested: [Bug 262966] ports-mgmt/pkg: pkg can't recover from a corrupt vulnerability database. Message-ID: <bug-262966-32340-Fo6fQRMsJT@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-262966-32340@https.bugs.freebsd.org/bugzilla/> References: <bug-262966-32340@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-pkg (Nobody) <pkg@FreeBSD.org> for maintainer-feedback: Bug 262966: ports-mgmt/pkg: pkg can't recover from a corrupt vulnerability database. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D262966 --- Description --- The lastest 410.pkg-audit run on one of my systems failed and reported: Checking for packages with security vulnerabilities: pkg: archive_read_data_into_fd((null)) failed: Lzma library error: Corrupted input data pkg: Invalid end of XML pkg: cannot process vulnxml Looking at /var/db/pkg/vuln.xml, it is obviously truncated but when I manua= lly run: $ sudo pkg audit -F it just reports that the database is up to date. Instead, I need to manual= ly remove the corrupt vuln.xml and then run "pkg audit -F". I would expect ei= ther an option to force a fetch or for "pkg audit" to verify the integrity of the existing database and re-fetch the database if it's corrupt.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-262966-32340-Fo6fQRMsJT>