Date: Mon, 10 Oct 2005 13:20:30 +0400 (MSD) From: Denis Shaposhnikov <dsh@vlink.ru> To: FreeBSD-gnats-submit@FreeBSD.org Cc: dsh@neva.vlink.ru Subject: ports/87198: update port: www/zope28 (Hotfix 2005-10-09 Alert) Message-ID: <200510100920.j9A9KUAh009530@neva.vlink.ru> Resent-Message-ID: <200510100930.j9A9UHZh039042@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 87198 >Category: ports >Synopsis: update port: www/zope28 (Hotfix 2005-10-09 Alert) >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Mon Oct 10 09:30:17 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Denis Shaposhnikov >Release: FreeBSD 7.0-CURRENT i386 >Organization: >Environment: System: FreeBSD neva.vlink.ru 7.0-CURRENT FreeBSD 7.0-CURRENT #21: Sun Aug 14 15:59:53 MSD 2005 dsh@neva.vlink.ru:/var/FreeBSD/obj/var/FreeBSD/src/sys/NEVA i386 >Description: Hotfix 2005-10-09 Alert This hotfix addresses an important security issue that affects users of Zope versions 2.6 or higher. This hotfix resolves a security issue with docutils. Affected are possibly all Zope instances that expose RestructuredText functionalies to untrusted users through the web. >How-To-Repeat: >Fix: diff -Nru zope28.orig/Makefile zope28/Makefile --- zope28.orig/Makefile Mon Oct 10 13:17:18 2005 +++ zope28/Makefile Mon Oct 10 13:15:26 2005 @@ -7,12 +7,16 @@ PORTNAME= zope PORTVERSION= 2.8.1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= www python zope -MASTER_SITES= http://www.zope.org/Products/Zope/${PORTVERSION}/ +MASTER_SITES= http://www.zope.org/Products/Zope/${PORTVERSION}/ \ + http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert/:hotfix_20051009 DISTNAME= Zope-${PORTVERSION}-final EXTRACT_SUFX= .tgz +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \ + Hotfix_2005-10-09.tar.gz:hotfix_20051009 DIST_SUBDIR= zope +EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= dsh@vlink.ru COMMENT= An object-based web application platform @@ -60,6 +64,9 @@ .else ISBATCH= "" .endif + +pre-patch: + ${TAR} xzf ${DISTDIR}/${DIST_SUBDIR}/Hotfix_2005-10-09.tar.gz -C ${WRKSRC}/lib/python post-patch: ${REINPLACE_CMD} \ diff -Nru zope28.orig/distinfo zope28/distinfo --- zope28.orig/distinfo Mon Oct 10 13:17:18 2005 +++ zope28/distinfo Mon Oct 10 11:20:57 2005 @@ -1,2 +1,4 @@ MD5 (zope/Zope-2.8.1-final.tgz) = 0ec441a35175bb8d8c557b7d3c63f6f6 SIZE (zope/Zope-2.8.1-final.tgz) = 5343921 +MD5 (zope/Hotfix_2005-10-09.tar.gz) = 607b2f4fa702d6e41f0bf960ec41979e +SIZE (zope/Hotfix_2005-10-09.tar.gz) = 265673 diff -Nru zope28.orig/pkg-plist zope28/pkg-plist --- zope28.orig/pkg-plist Mon Oct 10 13:17:18 2005 +++ zope28/pkg-plist Mon Oct 10 13:02:45 2005 @@ -3100,6 +3100,8 @@ %%ZOPEBASEDIR%%/lib/python/docutils/languages/__init__.pyc %%ZOPEBASEDIR%%/lib/python/docutils/languages/af.py %%ZOPEBASEDIR%%/lib/python/docutils/languages/af.pyc +%%ZOPEBASEDIR%%/lib/python/docutils/languages/ca.py +%%ZOPEBASEDIR%%/lib/python/docutils/languages/ca.pyc %%ZOPEBASEDIR%%/lib/python/docutils/languages/cs.py %%ZOPEBASEDIR%%/lib/python/docutils/languages/cs.pyc %%ZOPEBASEDIR%%/lib/python/docutils/languages/de.py @@ -3116,6 +3118,8 @@ %%ZOPEBASEDIR%%/lib/python/docutils/languages/fr.pyc %%ZOPEBASEDIR%%/lib/python/docutils/languages/it.py %%ZOPEBASEDIR%%/lib/python/docutils/languages/it.pyc +%%ZOPEBASEDIR%%/lib/python/docutils/languages/nl.py +%%ZOPEBASEDIR%%/lib/python/docutils/languages/nl.pyc %%ZOPEBASEDIR%%/lib/python/docutils/languages/pt_br.py %%ZOPEBASEDIR%%/lib/python/docutils/languages/pt_br.pyc %%ZOPEBASEDIR%%/lib/python/docutils/languages/ru.py @@ -3132,6 +3136,7 @@ %%ZOPEBASEDIR%%/lib/python/docutils/parsers/__init__.pyc %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/__init__.py %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/__init__.pyc +%%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/directives/.misc.py.swo %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/directives/__init__.py %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/directives/__init__.pyc %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/directives/admonitions.py @@ -3154,6 +3159,8 @@ %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/__init__.pyc %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/af.py %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/af.pyc +%%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/ca.py +%%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/ca.pyc %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/cs.py %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/cs.pyc %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/de.py @@ -3170,6 +3177,8 @@ %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/fr.pyc %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/it.py %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/it.pyc +%%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/nl.py +%%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/nl.pyc %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/pt_br.py %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/pt_br.pyc %%ZOPEBASEDIR%%/lib/python/docutils/parsers/rst/languages/ru.py @@ -3230,6 +3239,10 @@ %%ZOPEBASEDIR%%/lib/python/docutils/writers/html4css1.pyc %%ZOPEBASEDIR%%/lib/python/docutils/writers/latex2e.py %%ZOPEBASEDIR%%/lib/python/docutils/writers/latex2e.pyc +%%ZOPEBASEDIR%%/lib/python/docutils/writers/newlatex2e.py +%%ZOPEBASEDIR%%/lib/python/docutils/writers/newlatex2e.pyc +%%ZOPEBASEDIR%%/lib/python/docutils/writers/null.py +%%ZOPEBASEDIR%%/lib/python/docutils/writers/null.pyc %%ZOPEBASEDIR%%/lib/python/docutils/writers/pep_html.py %%ZOPEBASEDIR%%/lib/python/docutils/writers/pep_html.pyc %%ZOPEBASEDIR%%/lib/python/docutils/writers/pseudoxml.py >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510100920.j9A9KUAh009530>