Date: Thu, 8 Nov 2007 18:53:55 -0500 (EST)
From: Greg Larkin <glarkin@sourcehosting.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: glarkin@sourcehosting.net, skv@FreeBSD.org
Subject: ports/117931: [PATCH] devel/bugzilla2: Update port name after repocopy to avoid portaudit false positives
Message-ID: <200711082353.lA8NrtAh005194@ports.entropy.prv>
Resent-Message-ID: <200711090000.lA9002LR060992@freefall.freebsd.org>

>Number: 117931
>Category: ports
>Synopsis: [PATCH] devel/bugzilla2: Update port name after repocopy to avoid portaudit false positives
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 09 00:00:02 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Greg Larkin
>Release: FreeBSD 6.1-SECURITY i386
>Organization: SourceHosting.net, LLC
>Environment:
System: FreeBSD ports.entropy.prv 6.1-SECURITY FreeBSD 6.1-SECURITY #0: Thu Apr 26 14:24:01 UTC 2007
>Description:
Once Bugzilla 3.0 was released, devel/bugzilla was repocopied to devel/bugzilla2. Since then, some security vulnerabilities were added to the FreeBSD VuXML document. Bugzilla-2.22.3 is flagged as vulnerable, when it is not.

Port maintainer (skv@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
Run portaudit in the original devel/bugzilla2 directory and notice that version 2.22.3 is compared against version 3.0.1. After changing the port name, no vulnerabilities are flagged.

ports# pwd
/usr/ports/devel/bugzilla2.orig
ports# portaudit -Cv
Affected package: bugzilla-2.22.3 (matched by bugzilla<3.0.1)
Type of problem: bugzilla -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/75231c63-f6a2-499d-8e27-787773bda284.html>

Affected package: bugzilla-2.22.3 (matched by bugzilla<3.0.2)
Type of problem: bugzilla -- "createmailregexp" security bypass vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/f8d3689e-6770-11dc-8be8-02e0185f8d72.html>

ports# cd ../bugzilla2
ports# portaudit -Cv
ports#
>Fix:
--- bugzilla2-2.22.3.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/devel/bugzilla2.orig/Makefile /usr/ports/devel/bugzilla2/Makefile --- /usr/ports/devel/bugzilla2.orig/Makefile Thu Aug 30 15:04:13 2007 +++ /usr/ports/devel/bugzilla2/Makefile Thu Nov 8 18:34:57 2007 
@@ -5,11 +5,12 @@ # $FreeBSD: ports/devel/bugzilla2/Makefile,v 1.51 2007/08/30 19:04:13 skv Exp $ # -PORTNAME?= bugzilla +PORTNAME?= bugzilla2 PORTVERSION?= 2.22.3 CATEGORIES?= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived +DISTNAME= bugzilla-${PORTVERSION} MAINTAINER?= skv@FreeBSD.org COMMENT?= Bug-tracking system developed by Mozilla Project --- bugzilla2-2.22.3.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
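
Review bot: Changing `PORTNAME?=` to bugzilla2 in the Makefile hunk stops every VuXML entry keyed on the name bugzilla from matching this port, not just the `bugzilla<3.0.1` and `bugzilla<3.0.2` entries shown in How-To-Repeat, so an advisory that does reach the 2.22 branch will be missed by portaudit unless it also carries a bugzilla2 range. Please note in the PR which upstream advisories were checked to conclude that 2.22.3 is unaffected, and coordinate a bugzilla2 entry in VuXML for anything that applies to 2.x. Separately, the added `DISTNAME= bugzilla-${PORTVERSION}` is an unconditional assignment next to `PORTNAME?=`, `PORTVERSION?=` and `CATEGORIES?=`; if those `?=` forms exist so that another Makefile can include this one and override them, `DISTNAME?=` would keep that possible.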
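
The name-based match behind the false positive described in the report, as an added example (not portaudit's own code and not part of the original message): a simplified model that handles only `name<version` patterns with dotted numeric versions. The function names `version_lt`, `audit_match` and `report` and the matching rules are assumptions made for illustration; the package `bugzilla-3.0.2` is a constructed sample.

```shell
#!/bin/sh
# Simplified model of name-plus-version matching (illustration only; real
# FreeBSD version comparison also handles revisions, epochs and letters).

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1    # equal versions are not "lower than"
}

# audit_match PKG PATTERN: succeed when PKG ("name-version") is hit by
# PATTERN ("name<version"). The name must be identical, not a prefix.
audit_match() {
    pkg_name=${1%-*} pkg_ver=${1##*-}
    pat_name=${2%%"<"*} pat_ver=${2#*"<"}
    [ "$pkg_name" = "$pat_name" ] && version_lt "$pkg_ver" "$pat_ver"
}

# report PKG PATTERN: print "affected" or "clean" for one pair.
report() {
    if audit_match "$1" "$2"; then echo affected; else echo clean; fi
}

# bugzilla-2.22.3 and both patterns appear in the report's portaudit output;
# bugzilla2-2.22.3 is the package name after the rename; bugzilla-3.0.2 is
# a constructed sample showing a fixed 3.x package.
for pkg in bugzilla-2.22.3 bugzilla2-2.22.3 bugzilla-3.0.2; do
    for pat in 'bugzilla<3.0.1' 'bugzilla<3.0.2'; do
        printf '%-18s %-16s %s\n' "$pkg" "$pat" "$(report "$pkg" "$pat")"
    done
done
```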