Date: Sat, 9 Dec 2006 16:17:04 +0900 (JST)
From: HAYASHI Yasushi <yasi@yasi.to>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/106505: [security update] www/zope includes Hotfix and security/vuxml
Message-ID: <200612090717.kB97H4wb027242@www.yasi.to>
Resent-Message-ID: <200612090720.kB97KI5f089995@freefall.freebsd.org>
>Number: 106505
>Category: ports
>Synopsis: [security update] www/zope includes Hotfix and security/vuxml
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Dec 09 07:20:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: HAYASHI Yasushi
>Release: FreeBSD 6.2-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD www.yasi.to 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Thu Dec 7 04:22:08 JST 2006 yasi@www.yasi.to:/usr/obj/usr/src/sys/MYKERNEL i386
>Description:
www/zope hasn't included Hotfix-20060821 for a long time. See details at:
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt
Also, security/vuxml lists this vulnerability for too wide a range of Zope versions, so www/zope3, which doesn't contain this vulnerability, couldn't be installed.
>How-To-Repeat:
>Fix:
--- zope27.txt begins here --- diff -urN /usr/ports/www/zope.old/Makefile /usr/ports/www/zope/Makefile --- /usr/ports/www/zope.old/Makefile Sat Jul 15 23:49:41 2006 +++ /usr/ports/www/zope/Makefile Sat Dec 9 16:05:53 2006 @@ -7,17 +7,21 @@ PORTNAME= zope PORTVERSION= 2.7.9 +PORTREVISION= 1 CATEGORIES= www python zope -MASTER_SITES= http://www.zope.org/Products/Zope/Zope-${PORTVERSION}/ -DISTNAME= Zope-${PORTVERSION}-final -EXTRACT_SUFX= .tgz +MASTER_SITES= http://www.zope.org/Products/Zope/Zope-${PORTVERSION}/:src \ + http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/:hotfix +DISTFILES= Zope-${PORTVERSION}-final.tgz:src \ + ${HOTFIX}.tar.gz:hotfix MAINTAINER= estartu@augusta.de COMMENT= An object-based web application platform +WRKSRC= ${WRKDIR}/Zope-${PORTVERSION}-final USE_PYTHON= 2.3 USE_RC_SUBR= yes DIST_SUBDIR= zope +HOTFIX= Hotfix_20060821 # Note: the notes that follow reflect the decisions of prior maintainers # of this port. IOW, don't blame me if you don't like the way it's done. 
@@ -65,7 +69,11 @@ -e 's,^\(EXENAMES="\).*"$$,\1${PYTHON_VERSION}",g' \ ${WRKSRC}/configure +post-build: + -${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py ${WRKDIR}/${HOTFIX} + post-install: + @${CP} -R ${WRKDIR}/${HOTFIX} ${ZOPEBASEDIR}/lib/python/Products/ @${MV} ${ZOPEBASEDIR}/skel/etc/zope.conf.in ${ZOPEBASEDIR}/skel/etc/zope.conf.sample.in @${SED} ${CONFIG_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} < ${FILESDIR}/pkg-message.in \ > ${PKGMESSAGE} diff -urN /usr/ports/www/zope.old/distinfo /usr/ports/www/zope/distinfo --- /usr/ports/www/zope.old/distinfo Sat Jul 15 23:49:41 2006 +++ /usr/ports/www/zope/distinfo Wed Dec 6 21:55:39 2006 @@ -1,3 +1,6 @@ MD5 (zope/Zope-2.7.9-final.tgz) = d44e19ca501f6629375f8f0b40c72e08 SHA256 (zope/Zope-2.7.9-final.tgz) = b3982421dded26e95c8a5a7272365224ba399d552a143a9d457509f11b9d94ab SIZE (zope/Zope-2.7.9-final.tgz) = 2993519 +MD5 (zope/Hotfix_20060821.tar.gz) = 5cb921d15ff6d290bfc73bdc20ff67c1 +SHA256 (zope/Hotfix_20060821.tar.gz) = 6ba5f717cc7443c6182c5b829f2a4228e7c56667d07e2b6fad8323ab1ec850af +SIZE (zope/Hotfix_20060821.tar.gz) = 1050 diff -urN /usr/ports/www/zope.old/pkg-plist /usr/ports/www/zope/pkg-plist --- /usr/ports/www/zope.old/pkg-plist Tue Oct 18 03:07:26 2005 +++ /usr/ports/www/zope/pkg-plist Fri Dec 8 12:55:45 2006 @@ -711,6 +711,10 @@ %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests/testExternalMethod.pyc %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/version.txt %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www/function.gif +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/README.txt +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.py +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/__init__.pyc +%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821/version.txt %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.py %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.pyc %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/README.txt 
@@ -3100,6 +3104,7 @@ @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost/dtml @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MIMETools +@dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_20060821 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests/Extensions @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/tests --- zope27.txt ends here --- --- vuxml.txt begins here --- diff -urN /usr/ports/security/vuxml.old/vuln.xml /usr/ports/security/vuxml/vuln.xml --- /usr/ports/security/vuxml.old/vuln.xml Sat Dec 9 08:58:00 2006 +++ /usr/ports/security/vuxml/vuln.xml Sat Dec 9 15:48:58 2006 @@ -2163,7 +2163,8 @@ <affects> <package> <name>zope</name> - <range><ge>0</ge></range> + <range><ge>2.7.0</ge><le>2.7.9</le></range> + <range><ge>2.8.0</ge><le>2.8.8</le></range> </package> </affects> <description> --- vuxml.txt ends here --- >Release-Note: >Audit-Trail: >Unformatted:
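Review bot: In the first Makefile hunk (@@ -7,17 +7,21 @@), `DISTFILES` references `${HOTFIX}` several lines before `HOTFIX= Hotfix_20060821` is assigned, and the hotfix date is spelled out again, in a different form, in the new `MASTER_SITES` URL. make expands `=` assignments lazily, so this works as written, but moving `HOTFIX=` above `MASTER_SITES` and `DISTFILES` makes the dependency visible at the point of use and reduces the chance that a later hotfix update changes one spelling and misses the other.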
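Review bot: In the second Makefile hunk (@@ -65,7 +69,11 @@), the leading `-` on the `post-build` line that runs `compileall.py` tells make to ignore a failed byte-compile, while the pkg-plist hunk lists `Hotfix_20060821/__init__.pyc` unconditionally. If the compile step fails, the build carries on and the files copied by `${CP} -R` in `post-install` no longer match the plist. Drop the `-` so a compile failure stops the build.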
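Review bot: The three added distinfo lines for `zope/Hotfix_20060821.tar.gz` are the only integrity check on the hotfix tarball, because the new `:hotfix` entry in `MASTER_SITES` is a plain http URL. Before committing, fetch the tarball independently and confirm that `make makesum` reproduces the SHA256 and the SIZE of 1050 recorded here.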
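Review bot: The vuln.xml hunk (@@ -2163,7 +2163,8 @@) changes only the `<range>` lines and is the sole hunk for that file, so the entry's `<dates>` block gets no `<modified>` element; an edited VuXML entry should record the modification date. Replacing `<ge>0</ge>` also drops every version below 2.7.0 and above 2.8.8 from the entry, and the submission gives no affected-version list to check those bounds against, so confirm them with the Hotfix README linked in the description. `<le>2.7.9</le>` stops matching the patched port only because the Makefile sets `PORTREVISION= 1`, so the two changes need to be committed together.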