Date: Tue, 12 Sep 2006 16:34:24 +0400 From: Sergey Matveychuk <sem@FreeBSD.org> To: freebsd-java@FreeBSD.org Subject: packages names are wrong Message-ID: <4506A950.4000805@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Who cares of packages on http://www.freebsdfoundation.org/downloads/java.shtml ? Names of the packages are wrong. They confuse our ports/packages tools because of a dot before arch names. The tools treat a package version starts after the first dot. It makes troubles for e.g. portaudit that claims a package diablo-jdk-freebsd5.i386.1.5.0.07.00 vulnerabled: Affected package: diablo-jdk-freebsd5.i386.1.5.0.07.00 Type of problem: jdk -- jar directory traversal vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html>; It's because of this: % pkg_version -t i386.1.5.0.07.00 1.3.1.0_1 < It could be fixed e.g. by replacing the dot with a dash: diablo-jdk-freebsd5-i386.1.5.0.07.00 But the package name should be fixed in the package itself, so it should be rerolled. -- Dixi. Sem.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4506A950.4000805>