Matching a name to a port
Dan Langille
dan at langille.org
Mon Sep 13 11:16:48 PDT 2004
On Mon, 13 Sep 2004, Jacques A. Vidrine wrote:
> On Mon, Sep 13, 2004 at 01:33:22PM -0400, Dan Langille wrote:
> > I'm trying to match vuln.xml information against actual ports. To do
> > this, I need to know how the entries in the <name> field are derived.
> >
> > I first thought it might be PORTNAME. But that's not the case. I now
> > think it might be ${PKGNAMEPREFIX}${PORTNAME}$.
>
> ${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}
>
> See the definition of PKGNAME in bsd.port.mk. It is PKGNAME minus the
> version information.
>
> > If am i correct, then I have some questions about the following entries.
> >
> > What ports do the following refer to?
Jacques: Thanks for pointing out the ports I missed. I have snipped them
from the discussion so we can concentrate on the others.
> > ImageMagick-nox11
> graphics/ImageMagick
I see ImageMagick in the names for this vuln. Where does
ImageMagick-nox11 enter the picture?
> > libtool
> depends, could be devel/libtool13 or devel/libtool15, or even the
> no-longer-existent devel/libtool or devel/libtool14
Looking at the data:
<package>
<name>libtool</name>
<range><ge>1.3</ge><lt>1.3.5_2</lt></range>
<range><ge>1.4</ge><lt>1.4.3_3</lt></range>
<range><ge>1.5</ge><lt>1.5.2</lt></range>
</package>
I suggest we need three package entries to cover the various FreeBSD ports
which have existed. Please see the mysql suggestion below for an example
of what I mean.
This URL shows the libtool ports in question.
http://www.freshports.org/search.php?stype=name&method=match&query=libtool&num=10&deleted=includedeleted&casesensitivity=caseinsensitive&search=Search&orderby=category&orderbyupdown=asc
> > mpg123-esound
We have mpg123, but no mpg123-esound. I wonder where it comes from.
> > mplayer-esound
> > mplayer-gtk
> > mplayer-gtk-esound
>
> multimedia/mplayer
I don't know what to do about those. The vuln has an entry for mplayer,
so we'll catch that on FreshPorts, but not the other tree.
> > mysql-client
> > mysql-scripts
> > mysql-server
> depends, could be any of the database/mysql*-(client|scripts|server) ports.
FreshPorts, or any other code for that matter, has no way
of knowing that port this vuln entry refers to.
Intuitively, yes, we know it's going to be one of mysql323-client,
ysql40-client, and mysql50-client.
Yes, the range entries help human eyes:
<range><ge>4.1</ge><lt>4.1.3</lt></range>
<range><ge>5</ge><le>5.0.0_2</le></range>
I suggest we need two packages:
<package>
<name>mysql40-client</name>
<range><ge>4.0</ge><lt>4.0.20</lt></range>
<range><ge>4.1</ge><lt>4.1.1_2</lt></range>
</package>
<package>
<name>mysql50-client</name>
<range><ge>5.0</ge><lt>5.0.0_2</lt></range>
</package>
</affects>
Should the entry be modified to refer explicity to
> > The answers may be obvious to the trained eye, but how does one write code
> > against this?
>
> Ports are re-named, moved, removed. I'm not sure that it can be
> done exactly other than by what I suggested previously: a database
> of the "history" of package names. IIRC, portupgrade uses ad hoc
> heuristics to guess the port origin from the package name, when the
> ORIGIN comment is not usable for some reason.
>
> The dichotomy of package name and port origin has always been a
> troublesome aspect of the FreeBSD Ports collection :-(
Moving things around isn't so much of a problem. Locating them in the
first place is the issue. Later moves are not a problem.
--
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/
More information about the freebsd-vuxml
mailing list