ports/110735: [security fix] www/zope28 update to fix vulnerability

Fri Mar 23 22:00:14 UTC 2007

>Number:         110735
>Category:       ports
>Synopsis:       [security fix] www/zope28 update to fix vulnerability
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 23 22:00:12 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Yasushi Hayashi
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD www.yasi.to 6.2-STABLE FreeBSD 6.2-STABLE #1: Sat Feb 10 09:05:27 JST 2007 root at www.yasi.to:/usr/obj/usr/src/sys/GENERIC i386
>Description:
In March 20,2007, Zope.org released hotfix for cross-site scripting vulnerability.
See: http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view

This PR upgrade www/zope28.
 
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -urN /usr/ports/www/zope28.old/Makefile /usr/ports/www/zope28/Makefile

--- /usr/ports/www/zope28.old/Makefile	Thu Jan  4 22:16:03 2007
+++ /usr/ports/www/zope28/Makefile	Thu Mar 22 22:04:37 2007
@@ -7,12 +7,14 @@
 
 PORTNAME=	zope
 PORTVERSION=	2.8.8
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www python zope
 MASTER_SITES=	http://www.zope.org/Products/Zope/${PORTVERSION}/:src \
-		http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/:hotfix
+		http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/:hotfix1 \
+		http://www.zope.org/Products/Zope/Hotfix-2007-03-20/Hotfix-20070320/:hotfix2
 DISTFILES=	Zope-${PORTVERSION}-final.tgz:src \
-		${HOTFIX}.tar.gz:hotfix
+		${HOTFIX1}.tar.gz:hotfix1 \
+		${HOTFIX2}.tgz:hotfix2
 DIST_SUBDIR=	zope
 
 MAINTAINER=	dsh at vlink.ru
@@ -21,7 +23,8 @@
 WRKSRC=		${WRKDIR}/Zope-${PORTVERSION}-final
 USE_PYTHON=	2.3-2.4
 USE_RC_SUBR=	${PORTNAME}28.sh zeo28.sh
-HOTFIX=		Hotfix_20060821
+HOTFIX1=	Hotfix_20060821
+HOTFIX2=	Hotfix_20070320
 LATEST_LINK=	zope28
 
 # Note: the notes that follow reflect the decisions of prior maintainers
@@ -71,10 +74,12 @@
 		${WRKSRC}/configure
 
 post-build:
-	-${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX}
+	-${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX1}
+	-${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX2}
 
 post-install:
-	@${CP} -R ${WRKDIR}/${HOTFIX} ${ZOPEBASEDIR}/lib/python/Products/
+	@${CP} -R ${WRKDIR}/${HOTFIX1} ${ZOPEBASEDIR}/lib/python/Products/
+	@${CP} -R ${WRKDIR}/${HOTFIX2} ${ZOPEBASEDIR}/lib/python/Products/
 	${MV} ${ZOPEBASEDIR}/skel/etc/zope.conf.in \
 		${ZOPEBASEDIR}/skel/etc/zope.conf.sample.in
 
diff -urN /usr/ports/www/zope28.old/distinfo /usr/ports/www/zope28/distinfo
--- /usr/ports/www/zope28.old/distinfo	Thu Jan  4 22:16:03 2007
+++ /usr/ports/www/zope28/distinfo	Thu Mar 22 22:05:02 2007
@@ -4,3 +4,6 @@
 MD5 (zope/Hotfix_20060821.tar.gz) = 5cb921d15ff6d290bfc73bdc20ff67c1
 SHA256 (zope/Hotfix_20060821.tar.gz) = 6ba5f717cc7443c6182c5b829f2a4228e7c56667d07e2b6fad8323ab1ec850af
 SIZE (zope/Hotfix_20060821.tar.gz) = 1050
+MD5 (zope/Hotfix_20070320.tgz) = 0b4cd365d99731e18827ead11400087d
+SHA256 (zope/Hotfix_20070320.tgz) = 3b8760301826aba22386a561de48523663fc7840fc11280e2c34163ba4be383a
+SIZE (zope/Hotfix_20070320.tgz) = 3805
diff -urN /usr/ports/www/zope28.old/pkg-plist /usr/ports/www/zope28/pkg-plist
--- /usr/ports/www/zope28.old/pkg-plist	Thu Jan  4 22:16:03 2007
+++ /usr/ports/www/zope28/pkg-plist	Thu Mar 22 22:00:24 2007
@@ -943,6 +943,14 @@
 %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.py
 %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.pyc
 %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/version.txt
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/README.txt
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/__init__.py
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/__init__.pyc
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/__init__.py
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/__init__.pyc
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/test_hotfix.py
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/test_hotfix.pyc
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/version.txt
 %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.py
 %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.pyc
 %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/README.txt
@@ -6838,6 +6846,8 @@
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ZReST/tests
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ZReST/www
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ZReST
+ at dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests
+ at dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MIMETools
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/StandardCacheManagers/tests

>Release-Note:
>Audit-Trail:
>Unformatted:

