Created attachment 152874 [details]
Makefile with CPE information added
www/lynx has had vulnerabilities with a CPE identifier assigned. This patch adds CPE information as suggested on the FreeBSD wiki.
Created attachment 153147 [details]
Thanks, but do note that the UPDATE field needs to follow the pattern already in use:
e.g., "cpe:2.3:a:lynx:lynx:2.8.8:dev.4:*:*:*:*:*:*" hence "dev.4", or in the port currently, "rel.2", which the updated patch corrects.
Created attachment 153148 [details]
correctly corrected patch
OK, now the patch correctly drops our artificial ".2", shortening "184.108.40.206" to "2.8.8":
%make -V CPE_STR
Also, note that I don't agree with portlint(1): the CPE_* variables, when manually set, should be as close as possible to the PORTNAME and PORTVERSION which they supersede and/or the DISTNAME from which they're derived.
A commit references this bug:
Date: Tue Mar 17 11:59:49 UTC 2015
New revision: 381488
www/lynx: add CPE information
Submitted by: Shun <email@example.com>
Reviewed by: Jason Harris <firstname.lastname@example.org>
Committed, thanks for your work guys!