Created attachment 155454: adding CPE information to Makefile
ftp/horde-gollem has had vulnerabilities with a CPE identifier assigned (e.g. CVE-2010-3695). This patch adds CPE information as suggested in the FreeBSD wiki[0].
[0] https://wiki.freebsd.org/Ports/CPE
I disagree with this proposal. The CPE for horde-gollem is: cpe:/a:horde:gollem See here: http://www.security-database.com/cpe.php?detail=cpe:/a:horde:gollem&type=product If we do this, it makes sense to add CPE entries for all horde applications.
A commit references this bug:
  Author: robak
  Date: Wed Apr 15 11:04:26 UTC 2015
  New revision: 384042
  URL: https://svnweb.freebsd.org/changeset/ports/384042
  Log:
    ftp/horde-gollem: add CPE info
    PR: 199368
    Submitted by: Shun <shun.fbsd.pr@dropcut.net>
    Approved by: portmgr blanket
  Changes:
    head/ftp/horde-gollem/Makefile
Given Martin's disagreement, I've reversed that commit. Martin, do you have an alternate patch?
A commit references this bug:
  Author: robak
  Date: Wed Apr 15 11:14:30 UTC 2015
  New revision: 384044
  URL: https://svnweb.freebsd.org/changeset/ports/384044
  Log:
    ftp/horde-gollem: revert the CPE info commit due to mm@ disapproval
    PR: 199368
    Approved by: mm
  Changes:
    head/ftp/horde-gollem/Makefile
A commit references this bug:
  Author: mm
  Date: Wed Apr 15 11:29:33 UTC 2015
  New revision: 384045
  URL: https://svnweb.freebsd.org/changeset/ports/384045
  Log:
    Add CVE information to all Horde applications
    PR: 199368
  Changes:
    head/deskutils/horde-groupware/Makefile
    head/deskutils/horde-kronolith/Makefile
    head/deskutils/horde-mnemo/Makefile
    head/deskutils/horde-nag/Makefile
    head/devel/horde-content/Makefile
    head/devel/horde-whups/Makefile
    head/ftp/horde-gollem/Makefile
    head/mail/horde-imp/Makefile
    head/mail/horde-ingo/Makefile
    head/mail/horde-turba/Makefile
    head/mail/horde-webmail/Makefile
    head/www/horde-ansel/Makefile
    head/www/horde-base/Makefile
    head/www/horde-passwd/Makefile
    head/www/horde-trean/Makefile
    head/www/horde-wicked/Makefile
(In reply to Bartek Rutkowski from comment #3) Yes, I have added CPE_VENDOR?=horde to Uses/horde.mk in r384043 and enabled CPE for all Horde Applications in r384045. This should close this ticket.
(In reply to Martin Matuska from comment #6) Are you sure the latest commit is correct? If the proper CPE is horde:gollem, then I now can see it being expanded as 'cpe:2.3:a:gollem:gollem:3.0.3:::::freebsd11:x64' when doing make -V CPE_STR.
Did you apply r384043 in your testing environment, too? Because my CPE_STR is correct.
Yes, I can see the CPE_STR correct now, so I am closing this PR.