[pkgsrc/pkgsrc-2008Q2]: pkgsrc/www/zope29 Pullup ticket #2499 - requested by ...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2008Q2]: pkgsrc/www/zope29 Pullup ticket #2499 - requested by ...
From: tron <tron%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 06:19:18 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/d01e64739c7f
branches:  pkgsrc-2008Q2
changeset: 544276:d01e64739c7f
user:      tron <tron%pkgsrc.org@localhost>
date:      Wed Aug 20 10:05:24 2008 +0000

description:
Pullup ticket #2499 - requested by taca
zope29: security patch

Revisions pulled up:
- www/zope29/Makefile           1.20
- www/zope29/distinfo           1.7
- www/zope29/patches/patch-ak   1.1
- www/zope29/patches/patch-al   1.1
---
    Module Name:        pkgsrc
    Committed By:       taca
    Date:               Sun Aug 17 15:12:32 UTC 2008

    Modified Files:
        pkgsrc/www/zope29: Makefile distinfo
    Added Files:
        pkgsrc/www/zope29/patches: patch-ak patch-al

    Log Message:
    Add some changes from Zope's svn repository which should fix
    Zope's security advisory 2008-08-12.

    Bump PKGREVISION.

diffstat:

 www/zope29/Makefile         |    3 +-
 www/zope29/distinfo         |    4 +-
 www/zope29/patches/patch-ak |   19 +++++++
 www/zope29/patches/patch-al |  109 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 133 insertions(+), 2 deletions(-)

diffs (165 lines):

diff -r 8dfb8f8f93ec -r d01e64739c7f www/zope29/Makefile
--- a/www/zope29/Makefile       Wed Aug 20 09:43:10 2008 +0000
+++ b/www/zope29/Makefile       Wed Aug 20 10:05:24 2008 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.19 2008/05/26 02:13:26 joerg Exp $
+# $NetBSD: Makefile,v 1.19.4.1 2008/08/20 10:05:24 tron Exp $
 # FreeBSD Id: ports/www/zope29/Makefile,v 1.86 2006/08/03 15:53:04 garga Exp
 
 DISTNAME=      Zope-${ZOPE29_VERSION}-final
 PKGNAME=       ${ZOPE_PKG_PREFIX}-${ZOPE29_VERSION}
+PKGREVISION=   1
 CATEGORIES=    www python
 MASTER_SITES=  http://www.zope.org/Products/Zope/${ZOPE29_VERSION}/
 EXTRACT_SUFX=  .tgz
diff -r 8dfb8f8f93ec -r d01e64739c7f www/zope29/distinfo
--- a/www/zope29/distinfo       Wed Aug 20 09:43:10 2008 +0000
+++ b/www/zope29/distinfo       Wed Aug 20 10:05:24 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.6 2008/05/11 16:27:17 taca Exp $
+$NetBSD: distinfo,v 1.6.4.1 2008/08/20 10:05:24 tron Exp $
 
 SHA1 (Zope-2.9.9-final.tgz) = decf69899c3d80cf13330373b1cf92351b490fb7
 RMD160 (Zope-2.9.9-final.tgz) = 1818a1bb77bf300c113d10551a7896108bc6c8e3
@@ -13,3 +13,5 @@
 SHA1 (patch-ah) = 6295b0a344bd6ad9c2f61842e1aa0b90c9578cd6
 SHA1 (patch-ai) = 7c631001a397e72b799e2a663a8af0d4f68ef5e1
 SHA1 (patch-aj) = bc0366b715714dd96e51cca30cff6c28f290bcda
+SHA1 (patch-ak) = fd3d315b5f9f92a07032dd8a7d1979757d681cea
+SHA1 (patch-al) = 95633060bc99be604b75ac49e37e6483168bc362
diff -r 8dfb8f8f93ec -r d01e64739c7f www/zope29/patches/patch-ak
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/zope29/patches/patch-ak       Wed Aug 20 10:05:24 2008 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-ak,v 1.1.2.2 2008/08/20 10:05:24 tron Exp $
+
+Patch #1 corresponding to security advisory 2008-08-12.
+
+--- lib/python/Products/PythonScripts/PythonScript.py.orig     2008-05-10 15:35:03.000000000 +0900
++++ lib/python/Products/PythonScripts/PythonScript.py
+@@ -323,7 +323,11 @@ class PythonScript(Script, Historical, C
+         g['__file__'] = getattr(self, '_filepath', None) or self.get_filepath()
+         f = new.function(fcode, g, None, fadefs)
+ 
+-        result = f(*args, **kw)
++        try:
++            result = f(*args, **kw)
++        except SystemExit:
++            raise ValueError('SystemExit cannot be raised within a PythonScript')
++
+         if keyset is not None:
+             # Store the result in the cache.
+             self.ZCacheable_set(result, keywords=keyset)
diff -r 8dfb8f8f93ec -r d01e64739c7f www/zope29/patches/patch-al
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/zope29/patches/patch-al       Wed Aug 20 10:05:24 2008 +0000
@@ -0,0 +1,109 @@
+$NetBSD: patch-al,v 1.1.2.2 2008/08/20 10:05:24 tron Exp $
+
+Patch #2 corresponding to security advisory 2008-08-12.
+
+--- lib/python/Products/PythonScripts/__init__.py.orig 2008-05-10 15:35:03.000000000 +0900
++++ lib/python/Products/PythonScripts/__init__.py
+@@ -61,3 +61,102 @@ def recompile(self):
+     if names:
+         return 'The following Scripts were recompiled:\n' + '\n'.join(names)
+     return 'No Scripts were found that required recompilation.'
++
++
++# Monkey patch for LP #257276
++
++# This code is taken from the encodings module of Python 2.4.
++# Note that this code is originally (C) CNRI and it is possibly not compatible
++# with the ZPL and therefore should not live within svn.zope.org. However this
++# checkin is blessed by Jim Fulton for now. The fix is no longer required with
++# Python 2.5 and hopefully fixed in Python 2.4.6 release.
++
++
++# Written by Marc-Andre Lemburg (mal%lemburg.com@localhost).
++# (c) Copyright CNRI, All Rights Reserved. NO WARRANTY.
++
++def search_function(encoding):
++
++    # Cache lookup
++    entry = _cache.get(encoding, _unknown)
++    if entry is not _unknown:
++        return entry
++
++    # Import the module:
++    #
++    # First try to find an alias for the normalized encoding
++    # name and lookup the module using the aliased name, then try to
++    # lookup the module using the standard import scheme, i.e. first
++    # try in the encodings package, then at top-level.
++    #
++    norm_encoding = normalize_encoding(encoding)
++    aliased_encoding = _aliases.get(norm_encoding) or \
++                       _aliases.get(norm_encoding.replace('.', '_'))
++    if aliased_encoding is not None:
++        modnames = [aliased_encoding,
++                    norm_encoding]
++    else:
++        modnames = [norm_encoding]
++    for modname in modnames:
++
++        if not modname or '.' in modname:
++            continue
++
++        try:
++            mod = __import__(modname,
++                             globals(), locals(), _import_tail)
++            if not mod.__name__.startswith('encodings.'):
++                continue
++
++        except ImportError:
++            pass
++        else:
++            break
++    else:
++        mod = None
++
++    try:
++        getregentry = mod.getregentry
++    except AttributeError:
++        # Not a codec module
++        mod = None
++
++    if mod is None:
++        # Cache misses
++        _cache[encoding] = None
++        return None
++
++    # Now ask the module for the registry entry
++    entry = tuple(getregentry())
++    if len(entry) != 4:
++        raise CodecRegistryError,\
++              'module "%s" (%s) failed to register' % \
++              (mod.__name__, mod.__file__)
++    for obj in entry:
++        if not callable(obj):
++            raise CodecRegistryError,\
++                  'incompatible codecs in module "%s" (%s)' % \
++                  (mod.__name__, mod.__file__)
++
++    # Cache the codec registry entry
++    _cache[encoding] = entry
++
++    # Register its aliases (without overwriting previously registered
++    # aliases)
++    try:
++        codecaliases = mod.getaliases()
++    except AttributeError:
++        pass
++    else:
++        for alias in codecaliases:
++            if not _aliases.has_key(alias):
++                _aliases[alias] = modname
++
++    # Return the registry entry
++    return entry
++
++
++# MONKEY
++
++import encodings
++encodings.search_function.func_code = search_function.func_code

Prev by Date: [pkgsrc/pkgsrc-2008Q2]: pkgsrc/www/awstats Pullup ticket #2504 - requested by...
Next by Date: [pkgsrc/pkgsrc-2008Q2]: pkgsrc/doc Pullup ticket #2532.
Previous by Thread: [pkgsrc/pkgsrc-2008Q2]: pkgsrc/www/awstats Pullup ticket #2504 - requested by...
Next by Thread: [pkgsrc/pkgsrc-2008Q2]: pkgsrc/doc Pullup ticket #2532.
Indexes:

Home | Main Index | Thread Index | Old Index