pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2008Q2]: pkgsrc/www/zope210 pullup ticket #2500 - requested by...
details: https://anonhg.NetBSD.org/pkgsrc/rev/dd534b413aa7
branches: pkgsrc-2008Q2
changeset: 544279:dd534b413aa7
user: rtr <rtr%pkgsrc.org@localhost>
date: Thu Aug 21 11:24:39 2008 +0000
description:
pullup ticket #2500 - requested by taca
zope210: patch for security fixes
revisions pulled up:
pkgsrc/www/zope210/Makefile 1.7
pkgsrc/www/zope210/distinfo 1.3
pkgsrc/www/zope210/patches/patch-aj 1.1
pkgsrc/www/zope210/patches/patch-ak 1.1
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 17 15:12:57 UTC 2008
Modified Files:
pkgsrc/www/zope210: Makefile distinfo
Added Files:
pkgsrc/www/zope210/patches: patch-aj patch-ak
Log Message:
Add some changes from Zope's svn repository which should fix
Zope's security advisory 2008-08-12.
Bump PKGREVISION.
diffstat:
www/zope210/Makefile | 3 +-
www/zope210/distinfo | 4 +-
www/zope210/patches/patch-aj | 19 +++++++
www/zope210/patches/patch-ak | 109 +++++++++++++++++++++++++++++++++++++++++++
4 files changed, 133 insertions(+), 2 deletions(-)
diffs (165 lines):
diff -r ee28902e21dc -r dd534b413aa7 www/zope210/Makefile
--- a/www/zope210/Makefile Thu Aug 21 11:17:03 2008 +0000
+++ b/www/zope210/Makefile Thu Aug 21 11:24:39 2008 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.6 2008/05/26 02:13:26 joerg Exp $
+# $NetBSD: Makefile,v 1.6.4.1 2008/08/21 11:24:39 rtr Exp $
# FreeBSD Id: ports/www/zope29/Makefile,v 1.86 2006/08/03 15:53:04 garga Exp
DISTNAME= Zope-${ZOPE210_VERSION}-final
PKGNAME= ${ZOPE_PKG_PREFIX}-${ZOPE210_VERSION}
+PKGREVISION= 1
CATEGORIES= www python
MASTER_SITES= http://www.zope.org/Products/Zope/${ZOPE210_VERSION}/
EXTRACT_SUFX= .tgz
diff -r ee28902e21dc -r dd534b413aa7 www/zope210/distinfo
--- a/www/zope210/distinfo Thu Aug 21 11:17:03 2008 +0000
+++ b/www/zope210/distinfo Thu Aug 21 11:24:39 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2008/05/11 16:28:03 taca Exp $
+$NetBSD: distinfo,v 1.2.4.1 2008/08/21 11:24:39 rtr Exp $
SHA1 (Zope-2.10.6-final.tgz) = d0689fd3a0eac8fbb0f44a81c3c1427660f4c76d
RMD160 (Zope-2.10.6-final.tgz) = f0f62d8e4e23041c3fc77179310561678a4458cc
@@ -12,3 +12,5 @@
SHA1 (patch-ag) = dffc88b9d087e01bf853441c4a9064a9184a310f
SHA1 (patch-ah) = 360c8f69e1f23a9f0dec666d509e03e4ef55d93b
SHA1 (patch-ai) = d7987483068b677aeab5ceb59dd8261e204065d7
+SHA1 (patch-aj) = afebb47b9c65af23c6d158b04608239731f1b7b3
+SHA1 (patch-ak) = 95633060bc99be604b75ac49e37e6483168bc362
diff -r ee28902e21dc -r dd534b413aa7 www/zope210/patches/patch-aj
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/zope210/patches/patch-aj Thu Aug 21 11:24:39 2008 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-aj,v 1.1.2.2 2008/08/21 11:24:39 rtr Exp $
+
+Patch #1 corresponding to security advisory 2008-08-12.
+
+--- lib/python/Products/PythonScripts/PythonScript.py.orig 2008-05-10 15:33:18.000000000 +0900
++++ lib/python/Products/PythonScripts/PythonScript.py
+@@ -324,7 +324,11 @@ class PythonScript(Script, Historical, C
+ g['__file__'] = getattr(self, '_filepath', None) or self.get_filepath()
+ f = new.function(fcode, g, None, fadefs)
+
+- result = f(*args, **kw)
++ try:
++ result = f(*args, **kw)
++ except SystemExit:
++ raise ValueError('SystemExit cannot be raised within a PythonScript')
++
+ if keyset is not None:
+ # Store the result in the cache.
+ self.ZCacheable_set(result, keywords=keyset)
diff -r ee28902e21dc -r dd534b413aa7 www/zope210/patches/patch-ak
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/zope210/patches/patch-ak Thu Aug 21 11:24:39 2008 +0000
@@ -0,0 +1,109 @@
+$NetBSD: patch-ak,v 1.1.2.2 2008/08/21 11:24:39 rtr Exp $
+
+Patch #2 corresponding to security advisory 2008-08-12.
+
+--- lib/python/Products/PythonScripts/__init__.py.orig 2008-05-10 15:35:03.000000000 +0900
++++ lib/python/Products/PythonScripts/__init__.py
+@@ -61,3 +61,102 @@ def recompile(self):
+ if names:
+ return 'The following Scripts were recompiled:\n' + '\n'.join(names)
+ return 'No Scripts were found that required recompilation.'
++
++
++# Monkey patch for LP #257276
++
++# This code is taken from the encodings module of Python 2.4.
++# Note that this code is originally (C) CNRI and it is possibly not compatible
++# with the ZPL and therefore should not live within svn.zope.org. However this
++# checkin is blessed by Jim Fulton for now. The fix is no longer required with
++# Python 2.5 and hopefully fixed in Python 2.4.6 release.
++
++
++# Written by Marc-Andre Lemburg (mal%lemburg.com@localhost).
++# (c) Copyright CNRI, All Rights Reserved. NO WARRANTY.
++
++def search_function(encoding):
++
++ # Cache lookup
++ entry = _cache.get(encoding, _unknown)
++ if entry is not _unknown:
++ return entry
++
++ # Import the module:
++ #
++ # First try to find an alias for the normalized encoding
++ # name and lookup the module using the aliased name, then try to
++ # lookup the module using the standard import scheme, i.e. first
++ # try in the encodings package, then at top-level.
++ #
++ norm_encoding = normalize_encoding(encoding)
++ aliased_encoding = _aliases.get(norm_encoding) or \
++ _aliases.get(norm_encoding.replace('.', '_'))
++ if aliased_encoding is not None:
++ modnames = [aliased_encoding,
++ norm_encoding]
++ else:
++ modnames = [norm_encoding]
++ for modname in modnames:
++
++ if not modname or '.' in modname:
++ continue
++
++ try:
++ mod = __import__(modname,
++ globals(), locals(), _import_tail)
++ if not mod.__name__.startswith('encodings.'):
++ continue
++
++ except ImportError:
++ pass
++ else:
++ break
++ else:
++ mod = None
++
++ try:
++ getregentry = mod.getregentry
++ except AttributeError:
++ # Not a codec module
++ mod = None
++
++ if mod is None:
++ # Cache misses
++ _cache[encoding] = None
++ return None
++
++ # Now ask the module for the registry entry
++ entry = tuple(getregentry())
++ if len(entry) != 4:
++ raise CodecRegistryError,\
++ 'module "%s" (%s) failed to register' % \
++ (mod.__name__, mod.__file__)
++ for obj in entry:
++ if not callable(obj):
++ raise CodecRegistryError,\
++ 'incompatible codecs in module "%s" (%s)' % \
++ (mod.__name__, mod.__file__)
++
++ # Cache the codec registry entry
++ _cache[encoding] = entry
++
++ # Register its aliases (without overwriting previously registered
++ # aliases)
++ try:
++ codecaliases = mod.getaliases()
++ except AttributeError:
++ pass
++ else:
++ for alias in codecaliases:
++ if not _aliases.has_key(alias):
++ _aliases[alias] = modname
++
++ # Return the registry entry
++ return entry
++
++
++# MONKEY
++
++import encodings
++encodings.search_function.func_code = search_function.func_code
Home |
Main Index |
Thread Index |
Old Index