Date: Thu, 31 Mar 2022 22:09:00 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 262966] ports-mgmt/pkg: pkg can't recover from a corrupt vulnerability database. Message-ID: <bug-262966-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D262966 Bug ID: 262966 Summary: ports-mgmt/pkg: pkg can't recover from a corrupt vulnerability database. Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: pkg@FreeBSD.org Reporter: peterj@FreeBSD.org Assignee: pkg@FreeBSD.org Flags: maintainer-feedback?(pkg@FreeBSD.org) The lastest 410.pkg-audit run on one of my systems failed and reported: Checking for packages with security vulnerabilities: pkg: archive_read_data_into_fd((null)) failed: Lzma library error: Corrupted input data pkg: Invalid end of XML pkg: cannot process vulnxml Looking at /var/db/pkg/vuln.xml, it is obviously truncated but when I manua= lly run: $ sudo pkg audit -F it just reports that the database is up to date. Instead, I need to manual= ly remove the corrupt vuln.xml and then run "pkg audit -F". I would expect ei= ther an option to force a fetch or for "pkg audit" to verify the integrity of the existing database and re-fetch the database if it's corrupt. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-262966-7788>