ports/138976: [patch] Restrict news/sabnzbd to python <= v2.5
hideo
hideo at lastamericanempire.com
Sat Sep 19 21:40:05 UTC 2009
>Number: 138976
>Category: ports
>Synopsis: [patch] Restrict news/sabnzbd to python <= v2.5
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Sep 19 21:40:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: hideo
>Release: FreeBSD 7.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD darwin.lastamericanempire.com 7.2-STABLE FreeBSD 7.2-STABLE #0: Thu Sep 17 13:01:02 MDT 2009 hideo at darwin.lastamericanempire.com:/usr/obj/usr/src/sys/darwin i386
>Description:
SABnzbd only works with python2.5 and lower. Also, due to the version
of devel/py-cheetah in ports, it won't work unless the api key feature
introduced in v0.4.9 is disabled in the user's ini file. This *may*
expose a user to the vulnerability described here:
http://sabnzbd.wikidot.com/cross-site-vulnerability/
Changes:
* Restrict to python2.5 and lower
* Bump PORTREVISION as python2.6 installs are broken
* Change dependency on devel/py-celementtree for python2.4 only
* Add pkg-message about api error and vulnerability
>How-To-Repeat:
>Fix:
--- sabnzbdplus-0.4.11_1 begins here ---
diff -ruN /usr/ports/news/sabnzbdplus/Makefile sabnzbdplus/Makefile
--- /usr/ports/news/sabnzbdplus/Makefile 2009-08-22 03:46:07.000000000 -0600
+++ sabnzbdplus/Makefile 2009-09-19 13:20:36.000000000 -0600
@@ -7,6 +7,7 @@
PORTNAME= sabnzbdplus
PORTVERSION= 0.4.11
+PORTREVISION= 1
CATEGORIES= news
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/sabnzbd-${PORTVERSION}
DISTNAME= SABnzbd-${PORTVERSION}-src
@@ -16,11 +17,13 @@
RUN_DEPENDS= cheetah:${PORTSDIR}/devel/py-cheetah \
${PYTHON_SITELIBDIR}/cherrypy/__init__.py:${PORTSDIR}/www/py-cherrypy-old \
- ${PYTHON_SITELIBDIR}/pythonutils/configobj.py:${PORTSDIR}/devel/py-utils \
- ${PYTHON_SITELIBDIR}/cElementTree.so:${PORTSDIR}/devel/py-celementtree
+ ${PYTHON_SITELIBDIR}/pythonutils/configobj.py:${PORTSDIR}/devel/py-utils
BUILD_DEPENDS= ${RUN_DEPENDS}
-USE_PYTHON= 2.4+
+USE_PYTHON= -2.5
+
+PYVERSION= ${PYTHON_VERSION:S/^python//}
+
NO_BUILD= yes
WRKSRC= ${WRKDIR}/SABnzbd-${PORTVERSION}
PLIST_SUB= PORTNAME=${PORTNAME}
@@ -34,6 +37,10 @@
.include <bsd.port.pre.mk>
+.if defined(PYTHON_VERSION) && ${PYVERSION:S/.//} < 25
+RUN_DEPENDS+= ${PYTHON_SITELIBDIR}/cElementTree.so:${PORTSDIR}/devel/py-celementtree
+.endif
+
.if !defined(WITHOUT_PAR2CMDLINE)
RUN_DEPENDS+= par2repair:${PORTSDIR}/archivers/par2cmdline
.endif
@@ -72,5 +79,5 @@
${CP} ${WRKSRC}/$i ${DOCSDIR}
.endfor
.endif
-
+ @${CAT} pkg-message
.include <bsd.port.post.mk>
diff -ruN /usr/ports/news/sabnzbdplus/pkg-message sabnzbdplus/pkg-message
--- /usr/ports/news/sabnzbdplus/pkg-message 1969-12-31 17:00:00.000000000 -0700
+++ sabnzbdplus/pkg-message 2009-09-19 12:54:29.000000000 -0600
@@ -0,0 +1,16 @@
+
+
+* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+
+Due to the version of devel/py-cheetah in ports api keys do
+not work. To get around the error modify the following line
+in your sabnzbd.ini file:
+
+ disable_api_key = 1
+
+Note however that by disabling the api key feature you may
+be at risk of the Cross-site Request Vulnerability described
+here: http://sabnzbd.wikidot.com/cross-site-vulnerability/
+
+* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+
--- sabnzbdplus-0.4.11_1 ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list