Bug 197712 - [patch] x11-servers/xorg-server: add CPE information
Summary: [patch] x11-servers/xorg-server: add CPE information
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-x11 (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-16 18:37 UTC by shun
Modified: 2020-05-04 16:09 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (x11)

Attachments
Makefile with CPE information added (558 bytes, patch)
2015-02-16 18:37 UTC, shun 		no flags Details | Diff
Makefile with CPE information added (581 bytes, patch)
2015-02-23 21:59 UTC, shun 		no flags Details | Diff
Patch (889 bytes, patch)
2020-04-25 14:57 UTC, Gleb Popov 		arrowd: maintainer-approval?
Details | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description shun 2015-02-16 18:37:24 UTC 
Created attachment 153044 [details]
Makefile with CPE information added

x11-server/xorg-server has had vulnerabilities with a CPE identifer assigned (e.g. CVE-2015-0255). This patch add CPE information as suggested in the FreeBSD wiki[0].

[0] https://wiki.freebsd.org/Ports/CPE
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2015-02-16 18:37:24 UTC 
Auto-assigned to maintainer x11@FreeBSD.org
Comment 2 shun 2015-02-23 21:59:15 UTC 
Created attachment 153400 [details]
Makefile with CPE information added

added missing CPE_PRODUCT
Comment 3 shun 2015-02-23 22:17:27 UTC 
The CPE product name does not seem to be stable yet (as of dictionary v2.3). The X.org server is named "x.org_x11" (CPE dictionary v2.3) and/or "xorg-server" [0] in current CVEs.


[0] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0255
Comment 4 Walter Schwarzenfeld 2018-01-09 00:20:06 UTC 
Is this still relevant?
Comment 5 Gleb Popov freebsd_committer freebsd_triage 2020-04-25 14:57:50 UTC 
Created attachment 213783 [details]
Patch

Here's the correct patch, that matches NVD database.
Comment 6 commit-hook freebsd_committer freebsd_triage 2020-05-03 20:23:18 UTC 
A commit references this bug:

Author: zeising
Date: Sun May  3 20:22:31 UTC 2020
New revision: 533807
URL: https://svnweb.freebsd.org/changeset/ports/533807

Log:
  xorg-server: Do not send spurious focus events

  Apply an upstream patch to avoid sending focus evens when grab actually does
  not change.  This fixes certain full screen applications. [1]

  Ensure that we actually don't try to find and link against HAL even if it's
  around on the system we're compiling on [2]

  Add CPE information [3]

  PR:		245854 [1] (with changes), 245604 [2], 197712 [3]
  Submitted by:	naddy@ [1], mi@ [2], arrowd [3]
  Reported by:	shun [3]
  MFH:		2020Q2

Changes:
  head/x11-servers/xorg-server/Makefile
  head/x11-servers/xorg-server/distinfo
Comment 7 Niclas Zeising freebsd_committer freebsd_triage 2020-05-03 20:30:51 UTC 
Committed, thanks!
Comment 8 commit-hook freebsd_committer freebsd_triage 2020-05-04 16:09:03 UTC 
A commit references this bug:

Author: zeising
Date: Mon May  4 16:08:17 UTC 2020
New revision: 533929
URL: https://svnweb.freebsd.org/changeset/ports/533929

Log:
  MFH: r533807

  xorg-server: Do not send spurious focus events

  Apply an upstream patch to avoid sending focus evens when grab actually does
  not change.  This fixes certain full screen applications. [1]

  Ensure that we actually don't try to find and link against HAL even if it's
  around on the system we're compiling on [2]

  Add CPE information [3]

  PR:		245854 [1] (with changes), 245604 [2], 197712 [3]
  Submitted by:	naddy@ [1], mi@ [2], arrowd [3]
  Reported by:	shun [3]

  Approved by:	ports-secteam (joenum)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/x11-servers/xorg-server/Makefile
  branches/2020Q2/x11-servers/xorg-server/distinfo