ports/110735: [security fix] www/zope28 update to fix vulnerability
Yasushi Hayashi
yasi at yasi.to
Fri Mar 23 22:00:14 UTC 2007
>Number: 110735
>Category: ports
>Synopsis: [security fix] www/zope28 update to fix vulnerability
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 23 22:00:12 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Yasushi Hayashi
>Release: FreeBSD 6.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD www.yasi.to 6.2-STABLE FreeBSD 6.2-STABLE #1: Sat Feb 10 09:05:27 JST 2007 root at www.yasi.to:/usr/obj/usr/src/sys/GENERIC i386
>Description:
In March 20,2007, Zope.org released hotfix for cross-site scripting vulnerability.
See: http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view
This PR upgrade www/zope28.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -urN /usr/ports/www/zope28.old/Makefile /usr/ports/www/zope28/Makefile
--- /usr/ports/www/zope28.old/Makefile Thu Jan 4 22:16:03 2007
+++ /usr/ports/www/zope28/Makefile Thu Mar 22 22:04:37 2007
@@ -7,12 +7,14 @@
PORTNAME= zope
PORTVERSION= 2.8.8
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= www python zope
MASTER_SITES= http://www.zope.org/Products/Zope/${PORTVERSION}/:src \
- http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/:hotfix
+ http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/:hotfix1 \
+ http://www.zope.org/Products/Zope/Hotfix-2007-03-20/Hotfix-20070320/:hotfix2
DISTFILES= Zope-${PORTVERSION}-final.tgz:src \
- ${HOTFIX}.tar.gz:hotfix
+ ${HOTFIX1}.tar.gz:hotfix1 \
+ ${HOTFIX2}.tgz:hotfix2
DIST_SUBDIR= zope
MAINTAINER= dsh at vlink.ru
@@ -21,7 +23,8 @@
WRKSRC= ${WRKDIR}/Zope-${PORTVERSION}-final
USE_PYTHON= 2.3-2.4
USE_RC_SUBR= ${PORTNAME}28.sh zeo28.sh
-HOTFIX= Hotfix_20060821
+HOTFIX1= Hotfix_20060821
+HOTFIX2= Hotfix_20070320
LATEST_LINK= zope28
# Note: the notes that follow reflect the decisions of prior maintainers
@@ -71,10 +74,12 @@
${WRKSRC}/configure
post-build:
- -${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX}
+ -${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX1}
+ -${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX2}
post-install:
- @${CP} -R ${WRKDIR}/${HOTFIX} ${ZOPEBASEDIR}/lib/python/Products/
+ @${CP} -R ${WRKDIR}/${HOTFIX1} ${ZOPEBASEDIR}/lib/python/Products/
+ @${CP} -R ${WRKDIR}/${HOTFIX2} ${ZOPEBASEDIR}/lib/python/Products/
${MV} ${ZOPEBASEDIR}/skel/etc/zope.conf.in \
${ZOPEBASEDIR}/skel/etc/zope.conf.sample.in
diff -urN /usr/ports/www/zope28.old/distinfo /usr/ports/www/zope28/distinfo
--- /usr/ports/www/zope28.old/distinfo Thu Jan 4 22:16:03 2007
+++ /usr/ports/www/zope28/distinfo Thu Mar 22 22:05:02 2007
@@ -4,3 +4,6 @@
MD5 (zope/Hotfix_20060821.tar.gz) = 5cb921d15ff6d290bfc73bdc20ff67c1
SHA256 (zope/Hotfix_20060821.tar.gz) = 6ba5f717cc7443c6182c5b829f2a4228e7c56667d07e2b6fad8323ab1ec850af
SIZE (zope/Hotfix_20060821.tar.gz) = 1050
+MD5 (zope/Hotfix_20070320.tgz) = 0b4cd365d99731e18827ead11400087d
+SHA256 (zope/Hotfix_20070320.tgz) = 3b8760301826aba22386a561de48523663fc7840fc11280e2c34163ba4be383a
+SIZE (zope/Hotfix_20070320.tgz) = 3805
diff -urN /usr/ports/www/zope28.old/pkg-plist /usr/ports/www/zope28/pkg-plist
--- /usr/ports/www/zope28.old/pkg-plist Thu Jan 4 22:16:03 2007
+++ /usr/ports/www/zope28/pkg-plist Thu Mar 22 22:00:24 2007
@@ -943,6 +943,14 @@
%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.py
%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.pyc
%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/version.txt
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/README.txt
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/__init__.py
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/__init__.pyc
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/__init__.py
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/__init__.pyc
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/test_hotfix.py
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/test_hotfix.pyc
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/version.txt
%%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.py
%%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.pyc
%%ZOPEBASEDIR%%/lib/python/Products/MIMETools/README.txt
@@ -6838,6 +6846,8 @@
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/ZReST/tests
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/ZReST/www
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/ZReST
+ at dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests
+ at dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/MIMETools
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/StandardCacheManagers/tests
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list