Bug 197543 - [patch] www/lynx: add CPE information
Summary: [patch] www/lynx: add CPE information
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Bartek Rutkowski
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-11 19:47 UTC by shun
Modified: 2015-03-17 12:00 UTC (History)
2 users (show)

See Also:
jharris: maintainer-feedback+


Attachments
Makefile with CPE information added (269 bytes, patch)
2015-02-11 19:47 UTC, shun
no flags Details | Diff
corrected patch (686 bytes, patch)
2015-02-18 14:17 UTC, jharris
jharris: maintainer-approval-
Details | Diff
correctly corrected patch (720 bytes, patch)
2015-02-18 14:46 UTC, jharris
jharris: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description shun 2015-02-11 19:47:46 UTC
Created attachment 152874 [details]
Makefile with CPE information added

www/lynx has had vulnerabilities with a CPE identifier assigned[0]. This patch adds CPE information as suggested on the FreeBSD wiki[1].


[0] http://www.vuxml.org/freebsd/c01170bf-4990-11da-a1b8-000854d03344.html
[1] https://wiki.freebsd.org/Ports/CPE
Comment 1 Bugzilla Automation freebsd_committer 2015-02-11 19:47:46 UTC
Maintainer CC'd
Comment 2 jharris 2015-02-18 14:17:33 UTC
Created attachment 153147 [details]
corrected patch

Thanks, but do note that the UPDATE field needs to follow the pattern already in use:

  http://web.nvd.nist.gov/view/cpe/search/results?keyword=lynx+2.8.8&nonDeprecatedOnly=true&namingFormat=2.3

e.g., "cpe:2.3:a:lynx:lynx:2.8.8:dev.4:*:*:*:*:*:*" hence "dev.4", or in the port currently, "rel.2", which the updated patch corrects.
Comment 3 jharris 2015-02-18 14:46:10 UTC
Created attachment 153148 [details]
correctly corrected patch

OK, now the patch correctly drops our artificial ".2", shortening "2.8.8.2" to "2.8.8":

  %make -V CPE_STR
  cpe:2.3:a:lynx:lynx:2.8.8:rel.2:[elided]

Also, note that I don't agree with portlint(1):  the CPE_* variables, when manually set, should be as close as possible to the PORTNAME and PORTVERSION which they supersede and/or the DISTNAME from which they're derived.
Comment 4 commit-hook freebsd_committer 2015-03-17 12:00:16 UTC
A commit references this bug:

Author: robak
Date: Tue Mar 17 11:59:49 UTC 2015
New revision: 381488
URL: https://svnweb.freebsd.org/changeset/ports/381488

Log:
  www/lynx: add CPE information

  PR:		197543
  Submitted by:	Shun <shun.fbsd.pr@dropcut.net>
  Reviewed by:	Jason Harris <jharris@widomaker.com>

Changes:
  head/www/lynx/Makefile
Comment 5 Bartek Rutkowski freebsd_committer 2015-03-17 12:00:51 UTC
Committed, thanks for your work guys!