svn commit: r490941 - head/security/vuxml
Po-Chuan Hsieh
sunpoet at freebsd.org
Tue Jan 22 16:57:29 UTC 2019
On Tue, Jan 22, 2019 at 9:55 PM Glen Barber <gjb at freebsd.org> wrote:
> On Wed, Jan 23, 2019 at 12:35:05AM +1100, Kubilay Kocak wrote:
> > On 22/01/2019 11:32 pm, Glen Barber wrote:
> > > Author: gjb
> > > Date: Tue Jan 22 12:32:18 2019
> > > New Revision: 490941
> > > URL: https://svnweb.freebsd.org/changeset/ports/490941
> > >
> > > Log:
> > > Attempt to fix vuxml build.
> > > Sponsored by: The FreeBSD Foundation
> > >
> > > Modified:
> > > head/security/vuxml/vuln.xml
> > >
> > > Modified: head/security/vuxml/vuln.xml
> > >
> ==============================================================================
> > > --- head/security/vuxml/vuln.xml Tue Jan 22 12:30:21 2019
> (r490940)
> > > +++ head/security/vuxml/vuln.xml Tue Jan 22 12:32:18 2019
> (r490941)
> > > @@ -62,7 +62,7 @@ Notes:
> > > <topic>www/py-requests -- Information disclosure
> vulnerability</topic>
> > > <affects>
> > > <package>
> > > - <name>py*-requests</name>
> > > + <name>py-requests</name>
> > > <range><lt>2.20.0</lt></range>
> > > </package>
> > > </affects>
> > >
> >
> > Hi Glen,
> >
> > This now doesn't match PKGNAME's (pyXY-requests).
> >
> > What is/was the issue exactly?
> >
>
> I'm not entirely sure, but the build failed with:
>
> /home/vuxmlbuild/vuxmlweb/dtd/vuxml-1/catalog.xml
> /home/vuxmlbuild/vuxmlweb/dtd/xhtml-modularization/catalog.xml
> /home/vuxmlbuild/vuxmlweb/dtd/xhtml-basic/catalog.xml
> Parsing VuXML ...Application exception:
> bad package name for vid 50ad9a9a-1e28-11e9-98d7-0050562a4d7b:
> py*-requests @ho:220
> *** Error code 1
>
> Removing the '*' stopped the build failure emails.
>
I suggest changing it to
<name>py27-requests</name>
<name>py35-requests</name>
<name>py36-requests</name>
<name>py37-requests</name>
At least it should work for both cases.
> > It passed make validate and passed the pkg audit tests (see below)
> mentioned
> > in the file, in order to match any python version of the port, future or
> > past. This at least means pkg audit understands the globbing pattern.
>
> 'pkg audit' does, yes, but that does not mean the XML parser does for
> this case.
>
> Glen
>
>
More information about the svn-ports-head
mailing list