Date: Fri, 23 Mar 2007 21:51:04 GMT From: Yasushi Hayashi<yasi@yasi.to> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/110735: [security fix] www/zope28 update to fix vulnerability Message-ID: <200703232151.l2NLp4tO083178@www.freebsd.org> Resent-Message-ID: <200703232200.l2NM0Ch7020753@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 110735 >Category: ports >Synopsis: [security fix] www/zope28 update to fix vulnerability >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Mar 23 22:00:12 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Yasushi Hayashi >Release: FreeBSD 6.2-STABLE i386 >Organization: >Environment: System: FreeBSD www.yasi.to 6.2-STABLE FreeBSD 6.2-STABLE #1: Sat Feb 10 09:05:27 JST 2007 root@www.yasi.to:/usr/obj/usr/src/sys/GENERIC i386 >Description: In March 20,2007, Zope.org released hotfix for cross-site scripting vulnerability. See: http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view This PR upgrade www/zope28. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -urN /usr/ports/www/zope28.old/Makefile /usr/ports/www/zope28/Makefile --- /usr/ports/www/zope28.old/Makefile Thu Jan 4 22:16:03 2007 +++ /usr/ports/www/zope28/Makefile Thu Mar 22 22:04:37 2007 @@ -7,12 +7,14 @@ PORTNAME= zope PORTVERSION= 2.8.8 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www python zope MASTER_SITES= http://www.zope.org/Products/Zope/${PORTVERSION}/:src \ - http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/:hotfix + http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/:hotfix1 \ + http://www.zope.org/Products/Zope/Hotfix-2007-03-20/Hotfix-20070320/:hotfix2 DISTFILES= Zope-${PORTVERSION}-final.tgz:src \ - ${HOTFIX}.tar.gz:hotfix + ${HOTFIX1}.tar.gz:hotfix1 \ + ${HOTFIX2}.tgz:hotfix2 DIST_SUBDIR= zope MAINTAINER= dsh@vlink.ru @@ -21,7 +23,8 @@ WRKSRC= ${WRKDIR}/Zope-${PORTVERSION}-final USE_PYTHON= 2.3-2.4 USE_RC_SUBR= ${PORTNAME}28.sh zeo28.sh -HOTFIX= Hotfix_20060821 +HOTFIX1= Hotfix_20060821 +HOTFIX2= Hotfix_20070320 LATEST_LINK= zope28 # Note: the notes that follow reflect the decisions of prior maintainers @@ -71,10 +74,12 @@ ${WRKSRC}/configure post-build: - -${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX} + -${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX1} + -${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX2} post-install: - @${CP} -R ${WRKDIR}/${HOTFIX} ${ZOPEBASEDIR}/lib/python/Products/ + @${CP} -R ${WRKDIR}/${HOTFIX1} ${ZOPEBASEDIR}/lib/python/Products/ + @${CP} -R ${WRKDIR}/${HOTFIX2} ${ZOPEBASEDIR}/lib/python/Products/ ${MV} ${ZOPEBASEDIR}/skel/etc/zope.conf.in \ ${ZOPEBASEDIR}/skel/etc/zope.conf.sample.in diff -urN /usr/ports/www/zope28.old/distinfo /usr/ports/www/zope28/distinfo --- /usr/ports/www/zope28.old/distinfo Thu Jan 4 22:16:03 2007 +++ /usr/ports/www/zope28/distinfo Thu Mar 22 22:05:02 2007 @@ -4,3 +4,6 @@ MD5 (zope/Hotfix_20060821.tar.gz) = 5cb921d15ff6d290bfc73bdc20ff67c1 SHA256 (zope/Hotfix_20060821.tar.gz) = 6ba5f717cc7443c6182c5b829f2a4228e7c56667d07e2b6fad8323ab1ec850af SIZE (zope/Hotfix_20060821.tar.gz) = 1050 +MD5 (zope/Hotfix_20070320.tgz) = 0b4cd365d99731e18827ead11400087d +SHA256 (zope/Hotfix_20070320.tgz) = 3b8760301826aba22386a561de48523663fc7840fc11280e2c34163ba4be383a +SIZE (zope/Hotfix_20070320.tgz) = 3805 diff -urN /usr/ports/www/zope28.old/pkg-plist /usr/ports/www/zope28/pkg-plist --- /usr/ports/www/zope28.old/pkg-plist Thu Jan 4 22:16:03 2007 +++ /usr/ports/www/zope28/pkg-plist Thu Mar 22 22:00:24 2007 @@ -943,6 +943,14 @@ %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.py %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.pyc %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/version.txt +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/README.txt +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/__init__.py +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/__init__.pyc +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/__init__.py +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/__init__.pyc +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/test_hotfix.py +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/test_hotfix.pyc +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/version.txt %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.py %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.pyc %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/README.txt @@ -6838,6 +6846,8 @@ @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ZReST/tests @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ZReST/www @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ZReST +@dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests +@dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MIMETools @dirrm %%ZOPEBASEDIR%%/lib/python/Products/StandardCacheManagers/tests >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200703232151.l2NLp4tO083178>