Message-Id: <200711082353.lA8NrtAh005194@ports.entropy.prv>
Date: Thu, 8 Nov 2007 18:53:55 -0500 (EST)
From: Greg Larkin
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: glarkin@sourcehosting.net, skv@FreeBSD.org
Subject: ports/117931: [PATCH] devel/bugzilla2: Update port name after repocopy to avoid portaudit false positives

>Number: 117931
>Category: ports
>Synopsis: [PATCH] devel/bugzilla2: Update port name after repocopy to avoid portaudit false positives
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 09 00:00:02 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Greg Larkin
>Release: FreeBSD 6.1-SECURITY i386
>Organization: SourceHosting.net, LLC
>Environment:
System: FreeBSD ports.entropy.prv 6.1-SECURITY FreeBSD 6.1-SECURITY #0: Thu Apr 26 14:24:01 UTC 2007

>Description:
Once Bugzilla 3.0 was released, devel/bugzilla was repocopied to devel/bugzilla2. Since then, some security vulnerabilities were added to the FreeBSD VuXML document. Bugzilla-2.22.3 is flagged as vulnerable, when it is not.

Port maintainer (skv@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.77

>How-To-Repeat:
Run portaudit in the original devel/bugzilla2 directory and notice that version 2.22.3 is compared against version 3.0.1. After changing the port name, no vulnerabilities are flagged.

ports# pwd
/usr/ports/devel/bugzilla2.orig
ports# portaudit -Cv
Affected package: bugzilla-2.22.3 (matched by bugzilla<3.0.1)
Type of problem: bugzilla -- multiple vulnerabilities.
Reference:

Affected package: bugzilla-2.22.3 (matched by bugzilla<3.0.2)
Type of problem: bugzilla -- "createmailregexp" security bypass vulnerability.
Reference: ports# cd ../bugzilla2 ports# portaudit -Cv ports# >Fix: --- bugzilla2-2.22.3.patch begins here --- diff -ruN --exclude=CVS /usr/ports/devel/bugzilla2.orig/Makefile /usr/ports/devel/bugzilla2/Makefile --- /usr/ports/devel/bugzilla2.orig/Makefile Thu Aug 30 15:04:13 2007 +++ /usr/ports/devel/bugzilla2/Makefile Thu Nov 8 18:34:57 2007 @@ -5,11 +5,12 @@ # $FreeBSD: ports/devel/bugzilla2/Makefile,v 1.51 2007/08/30 19:04:13 skv Exp $ # -PORTNAME?= bugzilla +PORTNAME?= bugzilla2 PORTVERSION?= 2.22.3 CATEGORIES?= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived +DISTNAME= bugzilla-${PORTVERSION} MAINTAINER?= skv@FreeBSD.org COMMENT?= Bug-tracking system developed by Mozilla Project --- bugzilla2-2.22.3.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
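Review bot: The +PORTNAME?= bugzilla2 line takes this package out of name-based matching altogether, not only out of the two entries shown in the portaudit output: those hits came from "bugzilla<3.0.1" and "bugzilla<3.0.2", and once the package is named bugzilla2 no entry keyed on "bugzilla" can match the 2.22 branch, including one that genuinely affects it. Before this goes in, the VuXML entries that do apply to 2.x should be checked and given an explicit bugzilla2 name with its own version range, so that an empty "portaudit -Cv" result after the change means the package was evaluated and found unaffected rather than simply never matched. Separately, +DISTNAME= bugzilla-${PORTVERSION} uses a plain "=" while PORTNAME, PORTVERSION and CATEGORIES directly around it use "?="; if other ports include this Makefile and preset those variables, DISTNAME?= would keep the same override behaviour.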