Bug 199368 - ftp/horde-gollem: add CPE information
Summary: ftp/horde-gollem: add CPE information
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Bartek Rutkowski
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-11 09:58 UTC by shun
Modified: 2015-04-16 08:51 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (horde)


Attachments
adding CPE information to Makefile (349 bytes, patch)
2015-04-11 09:58 UTC, shun
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description shun 2015-04-11 09:58:58 UTC
Created attachment 155454 [details]
adding CPE information to Makefile

ftp/horde-gollem has had vulnerabilities with a CPE identifier assigned (e.g. CVE-2010-3695). This patch adds CPE information as suggested in the FreeBSD wiki[0].

[0] https://wiki.freebsd.org/Ports/CPE
Comment 1 Martin Matuska freebsd_committer 2015-04-15 10:34:40 UTC
I disagree to this proposal. The CPE for horde-gollem is:
cpe:/a:horde:gollem

See here:
http://www.security-database.com/cpe.php?detail=cpe:/a:horde:gollem&type=product

If we do this it makes sense to add CPE entries for all horde applications.
Comment 2 commit-hook freebsd_committer 2015-04-15 11:05:20 UTC
A commit references this bug:

Author: robak
Date: Wed Apr 15 11:04:26 UTC 2015
New revision: 384042
URL: https://svnweb.freebsd.org/changeset/ports/384042

Log:
  ftp/horde-gollem: add CPE info

  PR:		199368
  Submitted by:	Shun <shun.fbsd.pr@dropcut.net>
  Approved by:	portmgr blanket

Changes:
  head/ftp/horde-gollem/Makefile
Comment 3 Bartek Rutkowski freebsd_committer 2015-04-15 11:09:23 UTC
Given the Martin disagreement, I've reversed that commit. Martin, do you have an alternate patch?
Comment 4 commit-hook freebsd_committer 2015-04-15 11:15:22 UTC
A commit references this bug:

Author: robak
Date: Wed Apr 15 11:14:30 UTC 2015
New revision: 384044
URL: https://svnweb.freebsd.org/changeset/ports/384044

Log:
  ftp/horde-gollem: revert the CPE info commit due to mm@ disapproval

  PR:		199368
  Approved by:	mm

Changes:
  head/ftp/horde-gollem/Makefile
Comment 5 commit-hook freebsd_committer 2015-04-15 11:30:25 UTC
A commit references this bug:

Author: mm
Date: Wed Apr 15 11:29:33 UTC 2015
New revision: 384045
URL: https://svnweb.freebsd.org/changeset/ports/384045

Log:
  Add CVE information to all Horde applications

  PR:		199368

Changes:
  head/deskutils/horde-groupware/Makefile
  head/deskutils/horde-kronolith/Makefile
  head/deskutils/horde-mnemo/Makefile
  head/deskutils/horde-nag/Makefile
  head/devel/horde-content/Makefile
  head/devel/horde-whups/Makefile
  head/ftp/horde-gollem/Makefile
  head/mail/horde-imp/Makefile
  head/mail/horde-ingo/Makefile
  head/mail/horde-turba/Makefile
  head/mail/horde-webmail/Makefile
  head/www/horde-ansel/Makefile
  head/www/horde-base/Makefile
  head/www/horde-passwd/Makefile
  head/www/horde-trean/Makefile
  head/www/horde-wicked/Makefile
Comment 6 Martin Matuska freebsd_committer 2015-04-15 11:31:19 UTC
(In reply to Bartek Rutkowski from comment #3)

Yes, I have added CPE_VENDOR?=horde to Uses/horde.mk in r384043 and enabled CPE for all Horde Applications in r384045. This should close this ticket.
Comment 7 Bartek Rutkowski freebsd_committer 2015-04-15 14:11:49 UTC
(In reply to Martin Matuska from comment #6)
Are you sure the latest commit is correct? If the proper CPE is horde:gollem, then I now can see it being expanded as 'cpe:2.3:a:gollem:gollem:3.0.3:::::freebsd11:x64' when doing make -V CPE_STR.
Comment 8 Martin Matuska freebsd_committer 2015-04-15 14:57:53 UTC
Did you apply r384043 in your testing environment, too? Because my CPE_STR is correct.
Comment 9 Bartek Rutkowski freebsd_committer 2015-04-16 08:51:55 UTC
Yes, I can see the CPE_STR correct now, so I am closing this PR.