From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Mar 7 12:00:19 2009
Message-Id: <200903071108.n27B8Oc9034431@etustar.starbox.augusta.de>
Date: Sat, 7 Mar 2009 12:08:24 +0100 (CET)
From: Gerhard Schmidt
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/132383: HotFix for vulnerability http://VuXML.FreeBSD.org/34414a1e-e377-11db-b8ab-000c76189c4c.html included

>Number: 132383
>Category: ports
>Synopsis: HotFix for vulnerability http://VuXML.FreeBSD.org/34414a1e-e377-11db-b8ab-000c76189c4c.html included
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 07 12:00:16 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Gerhard Schmidt
>Release: FreeBSD 7.1-RELEASE-p3 amd64
>Organization: Augsburger Computer Forum e.V.
>Environment:
System: FreeBSD etustar.starbox.augusta.de 7.1-RELEASE-p3 FreeBSD 7.1-RELEASE-p3 #0: Fri Feb 27 10:29:29 CET 2009 root@etustar.starbox.augusta.de:/usr/src/sys/amd64/compile/ETUSTAR amd64
>Description:
HotFix for vulnerability http://VuXML.FreeBSD.org/34414a1e-e377-11db-b8ab-000c76189c4c.html included
The unittests provided with the Hotfix run without error
>How-To-Repeat:
>Fix:
--- Makefile.orig 2009-03-07 12:03:57.000000000 +0100 +++ Makefile 2009-03-07 12:02:26.000000000 +0100
@@ -7,25 +7,22 @@ PORTNAME= zope PORTVERSION= 2.7.9 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www python zope MASTER_SITES= http://www.zope.org/Products/Zope/Zope-${PORTVERSION}/:src \ - http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/:hotfix + http://www.zope.org/Products/Zope/Hotfix-2007-03-20/Hotfix-20070320/:hotfix DISTFILES= Zope-${PORTVERSION}-final.tgz:src \ - ${HOTFIX}.tar.gz:hotfix + ${HOTFIX}.tgz:hotfix MAINTAINER= estartu@augusta.de COMMENT= An object-based web application platform WRKSRC= ${WRKDIR}/Zope-${PORTVERSION}-final -USE_PYTHON= 2.3 +USE_PYTHON= 2.4 USE_RC_SUBR= yes DIST_SUBDIR= zope -HOTFIX= Hotfix_20060821 +HOTFIX= Hotfix_20070320 -FORBIDDEN= contains cross-site scripting vulnerability http://VuXML.FreeBSD.org/34414a1e-e377-11db-b8ab-000c76189c4c.html -DEPRECATED= has been forbidden for more than 6 months -EXPIRATION_DATE=2009-01-19 # Note: the notes that follow reflect the decisions of prior maintainers # of this port. IOW, don't blame me if you don't like the way it's done. --- distinfo.orig 2009-03-07 12:04:12.000000000 +0100 +++ distinfo 2009-03-07 11:32:53.000000000 +0100 @@ -1,6 +1,6 @@ MD5 (zope/Zope-2.7.9-final.tgz) = d44e19ca501f6629375f8f0b40c72e08 SHA256 (zope/Zope-2.7.9-final.tgz) = b3982421dded26e95c8a5a7272365224ba399d552a143a9d457509f11b9d94ab SIZE (zope/Zope-2.7.9-final.tgz) = 2993519 -MD5 (zope/Hotfix_20060821.tar.gz) = 5cb921d15ff6d290bfc73bdc20ff67c1 -SHA256 (zope/Hotfix_20060821.tar.gz) = 6ba5f717cc7443c6182c5b829f2a4228e7c56667d07e2b6fad8323ab1ec850af -SIZE (zope/Hotfix_20060821.tar.gz) = 1050 +MD5 (zope/Hotfix_20070320.tgz) = 0b4cd365d99731e18827ead11400087d +SHA256 (zope/Hotfix_20070320.tgz) = 3b8760301826aba22386a561de48523663fc7840fc11280e2c34163ba4be383a +SIZE (zope/Hotfix_20070320.tgz) = 3805 --- pkg-plist.orig 2009-03-07 12:04:38.000000000 +0100 +++ pkg-plist 2009-03-07 11:56:49.000000000 +0100 
@@ -711,10 +711,14 @@ %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests/testExternalMethod.pyc %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/version.txt %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www/function.gif -%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/README.txt -%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.py -%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.pyc -%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/version.txt +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/README.txt +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/__init__.py +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/__init__.pyc +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/version.txt +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/__init__.py +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/__init__.pyc +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/test_hotfix.py +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests/test_hotfix.pyc %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.py %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.pyc %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/README.txt @@ -3104,7 +3108,8 @@ @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost/dtml @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MIMETools -@dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821 +@dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320/tests +@dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20070320 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests/Extensions @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests >Release-Note: >Audit-Trail: >Unformatted:
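Review bot: In the Makefile hunk, HOTFIX= and the :hotfix entries in MASTER_SITES and DISTFILES swap Hotfix_20060821 out for Hotfix_20070320 instead of adding the new hotfix next to the old one, so whatever the 2006 hotfix patched is no longer installed after this update. Please confirm that Hotfix_20070320 supersedes it, or fetch and install both. The same hunk raises USE_PYTHON from 2.3 to 2.4, which the Description does not mention; say so in the PR and note which interpreter the hotfix unit tests were run under. Dropping FORBIDDEN, DEPRECATED and EXPIRATION_DATE is only right if the VuXML entry 34414a1e-e377-11db-b8ab-000c76189c4c stops matching zope-2.7.9_2, and nothing in this patch touches that entry.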
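Review bot: The distinfo hunk is the only integrity check on the new hotfix, since the :hotfix MASTER_SITES URL in the Makefile is plain http://, and the MD5, SHA256 and SIZE lines for zope/Hotfix_20070320.tgz come from the submitter's download alone. The committer should fetch the distfile independently, regenerate distinfo with make makesum, and compare the result against the three added lines before committing.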
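Review bot: The first pkg-plist hunk (@@ -711,10 +711,14 @@) installs the hotfix's tests/ directory, including test_hotfix.py and its .pyc, under lib/python/Products of the production Zope tree; if the tests are only needed to validate the port at build time, leave them out of the package. If they stay, check that the port byte-compiles Hotfix_20070320/tests, because the plist lists tests/__init__.pyc and tests/test_hotfix.pyc and deinstall will report them as missing otherwise.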