pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2008Q2]: pkgsrc/www/zope210 pullup ticket #2500 - requested by...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/dd534b413aa7
branches:  pkgsrc-2008Q2
changeset: 544279:dd534b413aa7
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Thu Aug 21 11:24:39 2008 +0000

description:
pullup ticket #2500 - requested by taca
zope210: patch for security fixes

revisions pulled up:
pkgsrc/www/zope210/Makefile             1.7
pkgsrc/www/zope210/distinfo             1.3
pkgsrc/www/zope210/patches/patch-aj     1.1
pkgsrc/www/zope210/patches/patch-ak     1.1

   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Sun Aug 17 15:12:57 UTC 2008

   Modified Files:
           pkgsrc/www/zope210: Makefile distinfo
   Added Files:
           pkgsrc/www/zope210/patches: patch-aj patch-ak

   Log Message:
   Add some changes from Zope's svn repository which should fix
   Zope's security advisory 2008-08-12.

   Bump PKGREVISION.

diffstat:

 www/zope210/Makefile         |    3 +-
 www/zope210/distinfo         |    4 +-
 www/zope210/patches/patch-aj |   19 +++++++
 www/zope210/patches/patch-ak |  109 +++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 133 insertions(+), 2 deletions(-)

diffs (165 lines):

diff -r ee28902e21dc -r dd534b413aa7 www/zope210/Makefile
--- a/www/zope210/Makefile      Thu Aug 21 11:17:03 2008 +0000
+++ b/www/zope210/Makefile      Thu Aug 21 11:24:39 2008 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.6 2008/05/26 02:13:26 joerg Exp $
+# $NetBSD: Makefile,v 1.6.4.1 2008/08/21 11:24:39 rtr Exp $
 # FreeBSD Id: ports/www/zope29/Makefile,v 1.86 2006/08/03 15:53:04 garga Exp
 
 DISTNAME=      Zope-${ZOPE210_VERSION}-final
 PKGNAME=       ${ZOPE_PKG_PREFIX}-${ZOPE210_VERSION}
+PKGREVISION=   1
 CATEGORIES=    www python
 MASTER_SITES=  http://www.zope.org/Products/Zope/${ZOPE210_VERSION}/
 EXTRACT_SUFX=  .tgz
diff -r ee28902e21dc -r dd534b413aa7 www/zope210/distinfo
--- a/www/zope210/distinfo      Thu Aug 21 11:17:03 2008 +0000
+++ b/www/zope210/distinfo      Thu Aug 21 11:24:39 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2008/05/11 16:28:03 taca Exp $
+$NetBSD: distinfo,v 1.2.4.1 2008/08/21 11:24:39 rtr Exp $
 
 SHA1 (Zope-2.10.6-final.tgz) = d0689fd3a0eac8fbb0f44a81c3c1427660f4c76d
 RMD160 (Zope-2.10.6-final.tgz) = f0f62d8e4e23041c3fc77179310561678a4458cc
@@ -12,3 +12,5 @@
 SHA1 (patch-ag) = dffc88b9d087e01bf853441c4a9064a9184a310f
 SHA1 (patch-ah) = 360c8f69e1f23a9f0dec666d509e03e4ef55d93b
 SHA1 (patch-ai) = d7987483068b677aeab5ceb59dd8261e204065d7
+SHA1 (patch-aj) = afebb47b9c65af23c6d158b04608239731f1b7b3
+SHA1 (patch-ak) = 95633060bc99be604b75ac49e37e6483168bc362
diff -r ee28902e21dc -r dd534b413aa7 www/zope210/patches/patch-aj
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/zope210/patches/patch-aj      Thu Aug 21 11:24:39 2008 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-aj,v 1.1.2.2 2008/08/21 11:24:39 rtr Exp $
+
+Patch #1 corresponding to security advisory 2008-08-12.
+
+--- lib/python/Products/PythonScripts/PythonScript.py.orig     2008-05-10 15:33:18.000000000 +0900
++++ lib/python/Products/PythonScripts/PythonScript.py
+@@ -324,7 +324,11 @@ class PythonScript(Script, Historical, C
+         g['__file__'] = getattr(self, '_filepath', None) or self.get_filepath()
+         f = new.function(fcode, g, None, fadefs)
+ 
+-        result = f(*args, **kw)
++        try:
++            result = f(*args, **kw)
++        except SystemExit:
++            raise ValueError('SystemExit cannot be raised within a PythonScript')
++
+         if keyset is not None:
+             # Store the result in the cache.
+             self.ZCacheable_set(result, keywords=keyset)
diff -r ee28902e21dc -r dd534b413aa7 www/zope210/patches/patch-ak
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/zope210/patches/patch-ak      Thu Aug 21 11:24:39 2008 +0000
@@ -0,0 +1,109 @@
+$NetBSD: patch-ak,v 1.1.2.2 2008/08/21 11:24:39 rtr Exp $
+
+Patch #2 corresponding to security advisory 2008-08-12.
+
+--- lib/python/Products/PythonScripts/__init__.py.orig 2008-05-10 15:35:03.000000000 +0900
++++ lib/python/Products/PythonScripts/__init__.py
+@@ -61,3 +61,102 @@ def recompile(self):
+     if names:
+         return 'The following Scripts were recompiled:\n' + '\n'.join(names)
+     return 'No Scripts were found that required recompilation.'
++
++
++# Monkey patch for LP #257276
++
++# This code is taken from the encodings module of Python 2.4.
++# Note that this code is originally (C) CNRI and it is possibly not compatible
++# with the ZPL and therefore should not live within svn.zope.org. However this
++# checkin is blessed by Jim Fulton for now. The fix is no longer required with
++# Python 2.5 and hopefully fixed in Python 2.4.6 release.
++
++
++# Written by Marc-Andre Lemburg (mal%lemburg.com@localhost).
++# (c) Copyright CNRI, All Rights Reserved. NO WARRANTY.
++
++def search_function(encoding):
++
++    # Cache lookup
++    entry = _cache.get(encoding, _unknown)
++    if entry is not _unknown:
++        return entry
++
++    # Import the module:
++    #
++    # First try to find an alias for the normalized encoding
++    # name and lookup the module using the aliased name, then try to
++    # lookup the module using the standard import scheme, i.e. first
++    # try in the encodings package, then at top-level.
++    #
++    norm_encoding = normalize_encoding(encoding)
++    aliased_encoding = _aliases.get(norm_encoding) or \
++                       _aliases.get(norm_encoding.replace('.', '_'))
++    if aliased_encoding is not None:
++        modnames = [aliased_encoding,
++                    norm_encoding]
++    else:
++        modnames = [norm_encoding]
++    for modname in modnames:
++
++        if not modname or '.' in modname:
++            continue
++
++        try:
++            mod = __import__(modname,
++                             globals(), locals(), _import_tail)
++            if not mod.__name__.startswith('encodings.'):
++                continue
++
++        except ImportError:
++            pass
++        else:
++            break
++    else:
++        mod = None
++
++    try:
++        getregentry = mod.getregentry
++    except AttributeError:
++        # Not a codec module
++        mod = None
++
++    if mod is None:
++        # Cache misses
++        _cache[encoding] = None
++        return None
++
++    # Now ask the module for the registry entry
++    entry = tuple(getregentry())
++    if len(entry) != 4:
++        raise CodecRegistryError,\
++              'module "%s" (%s) failed to register' % \
++              (mod.__name__, mod.__file__)
++    for obj in entry:
++        if not callable(obj):
++            raise CodecRegistryError,\
++                  'incompatible codecs in module "%s" (%s)' % \
++                  (mod.__name__, mod.__file__)
++
++    # Cache the codec registry entry
++    _cache[encoding] = entry
++
++    # Register its aliases (without overwriting previously registered
++    # aliases)
++    try:
++        codecaliases = mod.getaliases()
++    except AttributeError:
++        pass
++    else:
++        for alias in codecaliases:
++            if not _aliases.has_key(alias):
++                _aliases[alias] = modname
++
++    # Return the registry entry
++    return entry
++
++
++# MONKEY
++
++import encodings
++encodings.search_function.func_code = search_function.func_code



Home | Main Index | Thread Index | Old Index