From owner-freebsd-ports Tue Jun 27 12:14:39 2000 Delivered-To: freebsd-ports@freebsd.org Received: from falcon.home.hentschel.net (d83b0468.dsl.flashcom.net [216.59.4.104]) by hub.freebsd.org (Postfix) with ESMTP id 0DE6037BBD8; Tue, 27 Jun 2000 12:14:35 -0700 (PDT) (envelope-from thomas@falcon.home.hentschel.net) Received: from falcon.home.hentschel.net (thomas@localhost [127.0.0.1]) by falcon.home.hentschel.net (8.9.3/8.9.3) with ESMTP id MAA55394; Tue, 27 Jun 2000 12:07:54 -0700 (PDT) (envelope-from thomas@falcon.home.hentschel.net) Message-Id: <200006271907.MAA55394@falcon.home.hentschel.net> Date: Tue, 27 Jun 2000 12:07:53 -0700 (PDT) From: thomas@hentschel.net Subject: Re: ports/19329: zope ports security vulnerability To: alex@FreeBSD.org Cc: freebsd-ports@FreeBSD.org In-Reply-To: <200006271032.DAA20192@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/plain; CHARSET=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 27 Jun, alex@FreeBSD.org wrote: > Synopsis: zope ports security vulnerability > > State-Changed-From-To: open->feedback > State-Changed-By: alex > State-Changed-When: Tue Jun 27 03:28:46 PDT 2000 > State-Changed-Why: > alex:~/work/zope $ make >>> Zope-2.1.7-src.tgz doesn't seem to exist on this system. >>> Attempting to fetch from http://www.zope.org/Products/Zope/2.1.7/. > fetch: Zope-2.1.7-src.tgz: www.zope.org: HTTP server returned error code 404 >>> Attempting to fetch from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/. > fetch: pub/FreeBSD/ports/distfiles/Zope-2.1.7-src.tgz: cannot get remote modification time > fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/Zope-2.1.7-src.tgz: FTP error: > fetch: File unavailable (e.g., file not found, no access) >>> Couldn't fetch it - please try to retrieve this >>> port manually into /usr/ports/distfiles/ and try again. > *** Error code 1 > > And I can't find the 2.1.7 distfile anywhere on the mastersite... > > How come? > > Well, Digital Creations (the creators of zope) decided to pull that release (it had other problems) and create a "hotfix" instead (http://www.zope.org/ZopeNews?query_start=13) which has to be installed thru Zope. I send out a mail in regards to that as soon as I became aware of it, it's attached below again. -Th From: thomas@hentschel.net Subject: Re: ports/19329: zope ports security vulnerability Date: Fri, 16 Jun 2000 11:16:59 -0700 (PDT) To: gnats-admin@FreeBSD.org Cc: freebsd-ports@FreeBSD.org Oh well, scratch that PR. Digital Creations changed their mind and pulled the 2.1.7 release in favor of a hotfix which can be found at http://www.zope.org/Products/Zope/Hotfix_06_16_2000. This will fix the aforementioned security problem. This makes the patch below obsolete, so this PR can be closed -Th To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message