From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Dec 9 07:20:19 2006
Message-Id: <200612090717.kB97H4wb027242@www.yasi.to>
Date: Sat, 9 Dec 2006 16:17:04 +0900 (JST)
From: HAYASHI Yasushi
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/106505: [security update] www/zope includes Hotfix and security/vuxml
Reply-To: HAYASHI Yasushi
List-Id: Ports bug reports

>Number: 106505
>Category: ports
>Synopsis: [security update] www/zope includes Hotfix and security/vuxml
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Dec 09 07:20:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: HAYASHI Yasushi
>Release: FreeBSD 6.2-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD www.yasi.to 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Thu Dec 7 04:22:08 JST 2006 yasi@www.yasi.to:/usr/obj/usr/src/sys/MYKERNEL i386
>Description:
www/zope hasn't included Hotfix-20060821 for a long time. See details at:
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt

And also, security/vuxml points out this vulnerability for too wide a range of Zope versions. So www/zope3, which doesn't contain this vulnerability, couldn't be installed.
>How-To-Repeat:
>Fix:
--- zope27.txt begins here --- diff -urN /usr/ports/www/zope.old/Makefile /usr/ports/www/zope/Makefile --- /usr/ports/www/zope.old/Makefile Sat Jul 15 23:49:41 2006 +++ /usr/ports/www/zope/Makefile Sat Dec 9 16:05:53 2006 
@@ -7,17 +7,21 @@ PORTNAME= zope PORTVERSION= 2.7.9 +PORTREVISION= 1 CATEGORIES= www python zope -MASTER_SITES= http://www.zope.org/Products/Zope/Zope-${PORTVERSION}/ -DISTNAME= Zope-${PORTVERSION}-final -EXTRACT_SUFX= .tgz +MASTER_SITES= http://www.zope.org/Products/Zope/Zope-${PORTVERSION}/:src \ + http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/:hotfix +DISTFILES= Zope-${PORTVERSION}-final.tgz:src \ + ${HOTFIX}.tar.gz:hotfix MAINTAINER= estartu@augusta.de COMMENT= An object-based web application platform +WRKSRC= ${WRKDIR}/Zope-${PORTVERSION}-final USE_PYTHON= 2.3 USE_RC_SUBR= yes DIST_SUBDIR= zope +HOTFIX= Hotfix_20060821 # Note: the notes that follow reflect the decisions of prior maintainers # of this port. IOW, don't blame me if you don't like the way it's done. @@ -65,7 +69,11 @@ -e 's,^\(EXENAMES="\).*"$$,\1${PYTHON_VERSION}",g' \ ${WRKSRC}/configure +post-build: + -${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX} + post-install: + @${CP} -R ${WRKDIR}/${HOTFIX} ${ZOPEBASEDIR}/lib/python/Products/ @${MV} ${ZOPEBASEDIR}/skel/etc/zope.conf.in ${ZOPEBASEDIR}/skel/etc/zope.conf.sample.in @${SED} ${CONFIG_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} < ${FILESDIR}/pkg-message.in \ > ${PKGMESSAGE} diff -urN /usr/ports/www/zope.old/distinfo /usr/ports/www/zope/distinfo --- /usr/ports/www/zope.old/distinfo Sat Jul 15 23:49:41 2006 +++ /usr/ports/www/zope/distinfo Wed Dec 6 21:55:39 2006 
@@ -1,3 +1,6 @@ MD5 (zope/Zope-2.7.9-final.tgz) = d44e19ca501f6629375f8f0b40c72e08 SHA256 (zope/Zope-2.7.9-final.tgz) = b3982421dded26e95c8a5a7272365224ba399d552a143a9d457509f11b9d94ab SIZE (zope/Zope-2.7.9-final.tgz) = 2993519 +MD5 (zope/Hotfix_20060821.tar.gz) = 5cb921d15ff6d290bfc73bdc20ff67c1 +SHA256 (zope/Hotfix_20060821.tar.gz) = 6ba5f717cc7443c6182c5b829f2a4228e7c56667d07e2b6fad8323ab1ec850af +SIZE (zope/Hotfix_20060821.tar.gz) = 1050 diff -urN /usr/ports/www/zope.old/pkg-plist /usr/ports/www/zope/pkg-plist --- /usr/ports/www/zope.old/pkg-plist Tue Oct 18 03:07:26 2005 +++ /usr/ports/www/zope/pkg-plist Fri Dec 8 12:55:45 2006 @@ -711,6 +711,10 @@ %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests/testExternalMethod.pyc %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/version.txt %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www/function.gif +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/README.txt +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.py +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.pyc +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/version.txt %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.py %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.pyc %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/README.txt 
@@ -3100,6 +3104,7 @@ @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost/dtml @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MIMETools +@dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests/Extensions @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests --- zope27.txt ends here --- --- vuxml.txt begins here --- diff -urN /usr/ports/security/vuxml.old/vuln.xml /usr/ports/security/vuxml/vuln.xml --- /usr/ports/security/vuxml.old/vuln.xml Sat Dec 9 08:58:00 2006 +++ /usr/ports/security/vuxml/vuln.xml Sat Dec 9 15:48:58 2006 @@ -2163,7 +2163,8 @@ zope - 0 + 2.7.02.7.9 + 2.8.02.8.8 --- vuxml.txt ends here --- >Release-Note: >Audit-Trail: >Unformatted:
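
Review bot: In the first Makefile hunk (@@ -7,17 +7,21 @@), `HOTFIX= Hotfix_20060821` is assigned several lines after DISTFILES already references `${HOTFIX}.tar.gz:hotfix`. make expands the variable lazily, so the port builds, but moving the assignment above MASTER_SITES and DISTFILES would keep the hotfix name, its :hotfix site group and its distfile together and make the next hotfix bump a one-line change that is hard to get wrong.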
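
Review bot: In the second Makefile hunk (@@ -65,7 +69,11 @@), the leading `-` on the post-build `compileall.py` line makes the build ignore a failed byte-compile, while pkg-plist now lists `Hotfix_20060821/__init__.pyc` as an installed file. A compile failure would then surface only as a packing-list mismatch, so drop the `-` and let the build stop. The post-install `${CP} -R ${WRKDIR}/${HOTFIX}` also copies whatever the tarball extracts, whereas pkg-plist names exactly four files; installing those files explicitly would keep anything else in the archive out of lib/python/Products/.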
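
Review bot: The three lines added to distinfo are the only integrity check on Hotfix_20060821.tar.gz, because the :hotfix entry in MASTER_SITES is a plain http:// URL and post-install places the archive's `__init__.py` under lib/python/Products/. Before commit, the MD5, SHA256 and SIZE values should be regenerated by the committer from an independently fetched copy of the tarball rather than taken from the submitted patch.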
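
Review bot: The vuln.xml hunk (@@ -2163,7 +2163,8 @@) narrows the affected range for zope from a single bound of 0 to the pairs 2.7.0/2.7.9 and 2.8.0/2.8.8, but nothing in the hunk updates the entry's modification date, which a changed entry should carry. Two further checks before commit: since the Makefile keeps PORTVERSION at 2.7.9 and only adds `PORTREVISION= 1`, the upper bound must still match the unpatched 2.7.9 package and not the fixed 2.7.9_1 (the comparison elements are not visible in this copy of the patch); and the description only justifies excluding www/zope3, so the new bounds should be confirmed against the hotfix README to make sure no other affected release falls outside them.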