svn commit: r490941 - head/security/vuxml

Po-Chuan Hsieh sunpoet at freebsd.org
Tue Jan 22 16:57:29 UTC 2019 

On Tue, Jan 22, 2019 at 9:55 PM Glen Barber <gjb at freebsd.org> wrote:

> On Wed, Jan 23, 2019 at 12:35:05AM +1100, Kubilay Kocak wrote:
> > On 22/01/2019 11:32 pm, Glen Barber wrote:
> > > Author: gjb
> > > Date: Tue Jan 22 12:32:18 2019
> > > New Revision: 490941
> > > URL: https://svnweb.freebsd.org/changeset/ports/490941
> > >
> > > Log:
> > >    Attempt to fix vuxml build.
> > >    Sponsored by:    The FreeBSD Foundation
> > >
> > > Modified:
> > >    head/security/vuxml/vuln.xml
> > >
> > > Modified: head/security/vuxml/vuln.xml
> > >
> ==============================================================================
> > > --- head/security/vuxml/vuln.xml    Tue Jan 22 12:30:21 2019
> (r490940)
> > > +++ head/security/vuxml/vuln.xml    Tue Jan 22 12:32:18 2019
> (r490941)
> > > @@ -62,7 +62,7 @@ Notes:
> > >       <topic>www/py-requests -- Information disclosure
> vulnerability</topic>
> > >       <affects>
> > >         <package>
> > > -   <name>py*-requests</name>
> > > +   <name>py-requests</name>
> > >     <range><lt>2.20.0</lt></range>
> > >         </package>
> > >       </affects>
> > >
> >
> > Hi Glen,
> >
> > This now doesn't match PKGNAME's (pyXY-requests).
> >
> > What is/was the issue exactly?
> >
>
> I'm not entirely sure, but the build failed with:
>
>  /home/vuxmlbuild/vuxmlweb/dtd/vuxml-1/catalog.xml
> /home/vuxmlbuild/vuxmlweb/dtd/xhtml-modularization/catalog.xml
>  /home/vuxmlbuild/vuxmlweb/dtd/xhtml-basic/catalog.xml
>  Parsing VuXML ...Application exception:
>  bad package name for vid 50ad9a9a-1e28-11e9-98d7-0050562a4d7b:
> py*-requests @ho:220
>  *** Error code 1
>
> Removing the '*' stopped the build failure emails.
>

I suggest changing it to

<name>py27-requests</name>
<name>py35-requests</name>
<name>py36-requests</name>
<name>py37-requests</name>

At least it should work for both cases.


> > It passed make validate and passed the pkg audit tests (see below)
> mentioned
> > in the file, in order to match any python version of the port, future or
> > past. This at least means pkg audit understands the globbing pattern.
>
> 'pkg audit' does, yes, but that does not mean the XML parser does for
> this case.
>
> Glen
>
>

More information about the svn-ports-head mailing list