ports/106505: [security update] www/zope includes Hotfix and security/vuxml
HAYASHI Yasushi
yasi at yasi.to
Sat Dec 9 07:20:19 UTC 2006
>Number: 106505
>Category: ports
>Synopsis: [security update] www/zope includes Hotfix and security/vuxml
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Dec 09 07:20:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: HAYASHI Yasushi
>Release: FreeBSD 6.2-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD www.yasi.to 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Thu Dec 7 04:22:08 JST 2006 yasi at www.yasi.to:/usr/obj/usr/src/sys/MYKERNEL i386
>Description:
www/zope doesn't include Hotfix-20060821 long time.
See detail at:
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt
And also, security/vuxml pointed this vulnerablity for too wide Zope version.
So www/zope3 couldn't install which doesn't contain this vulnerable.
>How-To-Repeat:
>Fix:
--- zope27.txt begins here ---
diff -urN /usr/ports/www/zope.old/Makefile /usr/ports/www/zope/Makefile
--- /usr/ports/www/zope.old/Makefile Sat Jul 15 23:49:41 2006
+++ /usr/ports/www/zope/Makefile Sat Dec 9 16:05:53 2006
@@ -7,17 +7,21 @@
PORTNAME= zope
PORTVERSION= 2.7.9
+PORTREVISION= 1
CATEGORIES= www python zope
-MASTER_SITES= http://www.zope.org/Products/Zope/Zope-${PORTVERSION}/
-DISTNAME= Zope-${PORTVERSION}-final
-EXTRACT_SUFX= .tgz
+MASTER_SITES= http://www.zope.org/Products/Zope/Zope-${PORTVERSION}/:src \
+ http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/:hotfix
+DISTFILES= Zope-${PORTVERSION}-final.tgz:src \
+ ${HOTFIX}.tar.gz:hotfix
MAINTAINER= estartu at augusta.de
COMMENT= An object-based web application platform
+WRKSRC= ${WRKDIR}/Zope-${PORTVERSION}-final
USE_PYTHON= 2.3
USE_RC_SUBR= yes
DIST_SUBDIR= zope
+HOTFIX= Hotfix_20060821
# Note: the notes that follow reflect the decisions of prior maintainers
# of this port. IOW, don't blame me if you don't like the way it's done.
@@ -65,7 +69,11 @@
-e 's,^\(EXENAMES="\).*"$$,\1${PYTHON_VERSION}",g' \
${WRKSRC}/configure
+post-build:
+ -${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX}
+
post-install:
+ @${CP} -R ${WRKDIR}/${HOTFIX} ${ZOPEBASEDIR}/lib/python/Products/
@${MV} ${ZOPEBASEDIR}/skel/etc/zope.conf.in ${ZOPEBASEDIR}/skel/etc/zope.conf.sample.in
@${SED} ${CONFIG_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} < ${FILESDIR}/pkg-message.in \
> ${PKGMESSAGE}
diff -urN /usr/ports/www/zope.old/distinfo /usr/ports/www/zope/distinfo
--- /usr/ports/www/zope.old/distinfo Sat Jul 15 23:49:41 2006
+++ /usr/ports/www/zope/distinfo Wed Dec 6 21:55:39 2006
@@ -1,3 +1,6 @@
MD5 (zope/Zope-2.7.9-final.tgz) = d44e19ca501f6629375f8f0b40c72e08
SHA256 (zope/Zope-2.7.9-final.tgz) = b3982421dded26e95c8a5a7272365224ba399d552a143a9d457509f11b9d94ab
SIZE (zope/Zope-2.7.9-final.tgz) = 2993519
+MD5 (zope/Hotfix_20060821.tar.gz) = 5cb921d15ff6d290bfc73bdc20ff67c1
+SHA256 (zope/Hotfix_20060821.tar.gz) = 6ba5f717cc7443c6182c5b829f2a4228e7c56667d07e2b6fad8323ab1ec850af
+SIZE (zope/Hotfix_20060821.tar.gz) = 1050
diff -urN /usr/ports/www/zope.old/pkg-plist /usr/ports/www/zope/pkg-plist
--- /usr/ports/www/zope.old/pkg-plist Tue Oct 18 03:07:26 2005
+++ /usr/ports/www/zope/pkg-plist Fri Dec 8 12:55:45 2006
@@ -711,6 +711,10 @@
%%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests/testExternalMethod.pyc
%%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/version.txt
%%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www/function.gif
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/README.txt
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.py
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.pyc
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/version.txt
%%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.py
%%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.pyc
%%ZOPEBASEDIR%%/lib/python/Products/MIMETools/README.txt
@@ -3100,6 +3104,7 @@
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost/dtml
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/MIMETools
+ at dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests/Extensions
@dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests
--- zope27.txt ends here ---
--- vuxml.txt begins here ---
diff -urN /usr/ports/security/vuxml.old/vuln.xml /usr/ports/security/vuxml/vuln.xml
--- /usr/ports/security/vuxml.old/vuln.xml Sat Dec 9 08:58:00 2006
+++ /usr/ports/security/vuxml/vuln.xml Sat Dec 9 15:48:58 2006
@@ -2163,7 +2163,8 @@
<affects>
<package>
<name>zope</name>
- <range><ge>0</ge></range>
+ <range><ge>2.7.0</ge><le>2.7.9</le></range>
+ <range><ge>2.8.0</ge><le>2.8.8</le></range>
</package>
</affects>
<description>
--- vuxml.txt ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list