ports/138976: [patch] Restrict news/sabnzbd to python <= v2.5

Sat Sep 19 21:40:05 UTC 2009

>Number:         138976
>Category:       ports
>Synopsis:       [patch] Restrict news/sabnzbd to python <= v2.5
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 19 21:40:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     hideo
>Release:        FreeBSD 7.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD darwin.lastamericanempire.com 7.2-STABLE FreeBSD 7.2-STABLE #0: Thu Sep 17 13:01:02 MDT 2009 hideo at darwin.lastamericanempire.com:/usr/obj/usr/src/sys/darwin i386


	
>Description:
SABnzbd only works with python2.5 and lower. Also, due to the version
of devel/py-cheetah in ports, it won't work unless the api key feature
introduced in v0.4.9 is disabled in the user's ini file. This *may*
expose a user to the vulnerability described here:

	http://sabnzbd.wikidot.com/cross-site-vulnerability/  

Changes:
	* Restrict to python2.5 and lower
	* Bump PORTREVISION as python2.6 installs are broken
	* Change dependency on devel/py-celementtree for python2.4 only
	* Add pkg-message about api error and vulnerability

>How-To-Repeat:
	
>Fix:

--- sabnzbdplus-0.4.11_1 begins here ---
diff -ruN /usr/ports/news/sabnzbdplus/Makefile sabnzbdplus/Makefile
--- /usr/ports/news/sabnzbdplus/Makefile	2009-08-22 03:46:07.000000000 -0600
+++ sabnzbdplus/Makefile	2009-09-19 13:20:36.000000000 -0600
@@ -7,6 +7,7 @@
 
 PORTNAME=	sabnzbdplus
 PORTVERSION=	0.4.11
+PORTREVISION=	1
 CATEGORIES=	news
 MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/sabnzbd-${PORTVERSION}
 DISTNAME=	SABnzbd-${PORTVERSION}-src
@@ -16,11 +17,13 @@
 
 RUN_DEPENDS=	cheetah:${PORTSDIR}/devel/py-cheetah \
 		${PYTHON_SITELIBDIR}/cherrypy/__init__.py:${PORTSDIR}/www/py-cherrypy-old \
-		${PYTHON_SITELIBDIR}/pythonutils/configobj.py:${PORTSDIR}/devel/py-utils \
-		${PYTHON_SITELIBDIR}/cElementTree.so:${PORTSDIR}/devel/py-celementtree
+		${PYTHON_SITELIBDIR}/pythonutils/configobj.py:${PORTSDIR}/devel/py-utils
 BUILD_DEPENDS=	${RUN_DEPENDS}
 
-USE_PYTHON=	2.4+
+USE_PYTHON=	-2.5
+
+PYVERSION=	${PYTHON_VERSION:S/^python//}
+
 NO_BUILD=	yes
 WRKSRC=		${WRKDIR}/SABnzbd-${PORTVERSION}
 PLIST_SUB=	PORTNAME=${PORTNAME}
@@ -34,6 +37,10 @@
 
 .include <bsd.port.pre.mk>
 
+.if defined(PYTHON_VERSION) && ${PYVERSION:S/.//} < 25
+RUN_DEPENDS+=	${PYTHON_SITELIBDIR}/cElementTree.so:${PORTSDIR}/devel/py-celementtree
+.endif
+
 .if !defined(WITHOUT_PAR2CMDLINE)
 RUN_DEPENDS+=	par2repair:${PORTSDIR}/archivers/par2cmdline
 .endif
@@ -72,5 +79,5 @@
 	${CP} ${WRKSRC}/$i ${DOCSDIR}
 .endfor
 .endif
-
+	@${CAT} pkg-message
 .include <bsd.port.post.mk>
diff -ruN /usr/ports/news/sabnzbdplus/pkg-message sabnzbdplus/pkg-message
--- /usr/ports/news/sabnzbdplus/pkg-message	1969-12-31 17:00:00.000000000 -0700
+++ sabnzbdplus/pkg-message	2009-09-19 12:54:29.000000000 -0600
@@ -0,0 +1,16 @@
+
+
+* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+
+Due to the version of devel/py-cheetah in ports api keys do
+not work. To get around the error modify the following line 
+in your sabnzbd.ini file:
+
+    disable_api_key = 1
+
+Note however that by disabling the api key feature you may
+be at risk of the Cross-site Request Vulnerability described
+here: http://sabnzbd.wikidot.com/cross-site-vulnerability/
+
+* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+
--- sabnzbdplus-0.4.11_1 ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

