Created attachment 152874
Makefile with CPE information added

www/lynx has had vulnerabilities with a CPE identifier assigned[0]. This patch adds CPE information as suggested on the FreeBSD wiki[1].

[0] http://www.vuxml.org/freebsd/c01170bf-4990-11da-a1b8-000854d03344.html
[1] https://wiki.freebsd.org/Ports/CPE
Maintainer CC'd
Created attachment 153147
corrected patch

Thanks, but do note that the UPDATE field needs to follow the pattern already in use:

http://web.nvd.nist.gov/view/cpe/search/results?keyword=lynx+2.8.8&nonDeprecatedOnly=true&namingFormat=2.3

e.g., "cpe:2.3:a:lynx:lynx:2.8.8:dev.4:*:*:*:*:*:*"

hence "dev.4", or in the port currently, "rel.2", which the updated patch corrects.
Created attachment 153148
correctly corrected patch

OK, now the patch correctly drops our artificial ".2", shortening "2.8.8.2" to "2.8.8":

    %make -V CPE_STR
    cpe:2.3:a:lynx:lynx:2.8.8:rel.2:[elided]

Also, note that I don't agree with portlint(1): the CPE_* variables, when manually set, should be as close as possible to the PORTNAME and PORTVERSION which they supersede and/or the DISTNAME from which they're derived.
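An added example, not part of the thread or of the port: a small Python check that splits a CPE 2.3 formatted string into its attributes and compares a port's candidate string with dictionary entries for the same vendor and product. The dictionary entry is the one quoted in the review comment above; the function names, the two check rules and the "bad" candidate string are assumptions constructed for illustration.

```python
# Attribute order of a CPE 2.3 formatted string, after the "cpe:2.3:" prefix.
ATTRS = ("part", "vendor", "product", "version", "update", "edition",
         "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into its 11 named attributes."""
    prefix = "cpe:2.3:"
    if not cpe.startswith(prefix):
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe)
    fields, cur, i, body = [], "", 0, cpe[len(prefix):]
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            cur += body[i:i + 2]          # escaped character is data, keep the pair
            i += 2
        elif body[i] == ":":
            fields.append(cur)            # unescaped colon ends the attribute
            cur, i = "", i + 1
        else:
            cur, i = cur + body[i], i + 1
    fields.append(cur)
    if len(fields) != len(ATTRS):
        raise ValueError("expected %d attributes, got %d" % (len(ATTRS), len(fields)))
    return dict(zip(ATTRS, fields))

def check_port_cpe(candidate, dictionary):
    """Return a list of ways the candidate departs from the dictionary's pattern."""
    cand = parse_cpe23(candidate)
    same = [e for e in map(parse_cpe23, dictionary)
            if (e["vendor"], e["product"]) == (cand["vendor"], cand["product"])]
    if not same:
        return ["no dictionary entry for %s:%s" % (cand["vendor"], cand["product"])]
    problems = []
    if cand["version"] not in {e["version"] for e in same}:
        problems.append("version %r not used by any dictionary entry" % cand["version"])
    if cand["update"] == "*" and all(e["update"] != "*" for e in same):
        problems.append("update is unset but dictionary entries set it")
    return problems

# Dictionary name quoted in the thread.
DICTIONARY = ["cpe:2.3:a:lynx:lynx:2.8.8:dev.4:*:*:*:*:*:*"]
# Constructed candidate: port-style version kept whole, no update field.
BAD = "cpe:2.3:a:lynx:lynx:2.8.8.2:*:*:*:*:*:*:*"

if __name__ == "__main__":
    for problem in check_port_cpe(BAD, DICTIONARY):
        print(problem)
```

A string that NVD's dictionary cannot match will not be associated with the product's vulnerability entries, which is why the version and update split matters.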
A commit references this bug:

Author: robak
Date: Tue Mar 17 11:59:49 UTC 2015
New revision: 381488
URL: https://svnweb.freebsd.org/changeset/ports/381488

Log:
  www/lynx: add CPE information

  PR: 197543
  Submitted by: Shun <shun.fbsd.pr@dropcut.net>
  Reviewed by: Jason Harris <jharris@widomaker.com>

Changes:
  head/www/lynx/Makefile
Committed, thanks for your work guys!