From owner-freebsd-java@FreeBSD.ORG Tue Sep 12 12:34:26 2006
Message-ID: <4506A950.4000805@FreeBSD.org>
Date: Tue, 12 Sep 2006 16:34:24 +0400
From: Sergey Matveychuk
To: freebsd-java@FreeBSD.org
Subject: packages names are wrong
List-Id: Porting Java to FreeBSD

Who takes care of the packages on
http://www.freebsdfoundation.org/downloads/java.shtml ?

The names of the packages are wrong. They confuse our ports/packages tools
because of the dot before the arch name. The tools treat the package version
as starting after the first dot.

This causes trouble for e.g. portaudit, which claims that the package
diablo-jdk-freebsd5.i386.1.5.0.07.00 is vulnerable:

Affected package: diablo-jdk-freebsd5.i386.1.5.0.07.00
Type of problem: jdk -- jar directory traversal vulnerability.
Reference:

It's because of this:

% pkg_version -t i386.1.5.0.07.00 1.3.1.0_1
<

It could be fixed e.g. by replacing the dot with a dash:
diablo-jdk-freebsd5-i386.1.5.0.07.00

But the package name should be fixed in the package itself, so it should
be rerolled.

--
Dixi.
Sem.