Bug 197712 - [patch] x11-servers/xorg-server: add CPE information
Summary: [patch] x11-servers/xorg-server: add CPE information
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-x11 mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-16 18:37 UTC by shun
Modified: 2020-05-04 16:09 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (x11)


Attachments
Makefile with CPE information added (558 bytes, patch)
2015-02-16 18:37 UTC, shun
no flags Details | Diff
Makefile with CPE information added (581 bytes, patch)
2015-02-23 21:59 UTC, shun
no flags Details | Diff
Patch (889 bytes, patch)
2020-04-25 14:57 UTC, Gleb Popov
arrowd: maintainer-approval?
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description shun 2015-02-16 18:37:24 UTC
Created attachment 153044 [details]
Makefile with CPE information added

x11-server/xorg-server has had vulnerabilities with a CPE identifer assigned (e.g. CVE-2015-0255). This patch add CPE information as suggested in the FreeBSD wiki[0].

[0] https://wiki.freebsd.org/Ports/CPE
Comment 1 Bugzilla Automation freebsd_committer 2015-02-16 18:37:24 UTC
Auto-assigned to maintainer x11@FreeBSD.org
Comment 2 shun 2015-02-23 21:59:15 UTC
Created attachment 153400 [details]
Makefile with CPE information added

added missing CPE_PRODUCT
Comment 3 shun 2015-02-23 22:17:27 UTC
The CPE product name does not seem to be stable yet (as of dictionary v2.3). The X.org server is named "x.org_x11" (CPE dictionary v2.3) and/or "xorg-server" [0] in current CVEs.


[0] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0255
Comment 4 Walter Schwarzenfeld freebsd_triage 2018-01-09 00:20:06 UTC
Is this still relevant?
Comment 5 Gleb Popov freebsd_committer 2020-04-25 14:57:50 UTC
Created attachment 213783 [details]
Patch

Here's the correct patch, that matches NVD database.
Comment 6 commit-hook freebsd_committer 2020-05-03 20:23:18 UTC
A commit references this bug:

Author: zeising
Date: Sun May  3 20:22:31 UTC 2020
New revision: 533807
URL: https://svnweb.freebsd.org/changeset/ports/533807

Log:
  xorg-server: Do not send spurious focus events

  Apply an upstream patch to avoid sending focus evens when grab actually does
  not change.  This fixes certain full screen applications. [1]

  Ensure that we actually don't try to find and link against HAL even if it's
  around on the system we're compiling on [2]

  Add CPE information [3]

  PR:		245854 [1] (with changes), 245604 [2], 197712 [3]
  Submitted by:	naddy@ [1], mi@ [2], arrowd [3]
  Reported by:	shun [3]
  MFH:		2020Q2

Changes:
  head/x11-servers/xorg-server/Makefile
  head/x11-servers/xorg-server/distinfo
Comment 7 Niclas Zeising freebsd_committer 2020-05-03 20:30:51 UTC
Committed, thanks!
Comment 8 commit-hook freebsd_committer 2020-05-04 16:09:03 UTC
A commit references this bug:

Author: zeising
Date: Mon May  4 16:08:17 UTC 2020
New revision: 533929
URL: https://svnweb.freebsd.org/changeset/ports/533929

Log:
  MFH: r533807

  xorg-server: Do not send spurious focus events

  Apply an upstream patch to avoid sending focus evens when grab actually does
  not change.  This fixes certain full screen applications. [1]

  Ensure that we actually don't try to find and link against HAL even if it's
  around on the system we're compiling on [2]

  Add CPE information [3]

  PR:		245854 [1] (with changes), 245604 [2], 197712 [3]
  Submitted by:	naddy@ [1], mi@ [2], arrowd [3]
  Reported by:	shun [3]

  Approved by:	ports-secteam (joenum)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/x11-servers/xorg-server/Makefile
  branches/2020Q2/x11-servers/xorg-server/distinfo