packages names are wrong
Sergey Matveychuk
sem at FreeBSD.org
Tue Sep 12 05:34:26 PDT 2006
Who takes care of the packages on
http://www.freebsdfoundation.org/downloads/java.shtml ?
The names of the packages are wrong. They confuse our ports/packages tools
because of the dot before the arch name. The tools treat the package version
as starting after the first dot.
This causes trouble for, e.g., portaudit, which claims that the package
diablo-jdk-freebsd5.i386.1.5.0.07.00 is vulnerable:
Affected package: diablo-jdk-freebsd5.i386.1.5.0.07.00
Type of problem: jdk -- jar directory traversal vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html>
It's because of this:
% pkg_version -t i386.1.5.0.07.00 1.3.1.0_1
<
It could be fixed e.g. by replacing the dot with a dash:
diablo-jdk-freebsd5-i386.1.5.0.07.00
But the package name should be fixed in the package itself, so it should
be rerolled.
--
Dixi.
Sem.