SECURITY: add 2002-06-14 hotfix

The issue involves the security of the indexes of ZCatalog objects. A flaw in the security settings of ZCatalog allows anonymous users to call arbitrary methods of catalog indexes. The vulnerability also allows untrusted code to do the same. -- From: MAINTAINER
2002-09-29 06:02:18 +00:00 · 2002-09-29 06:02:18 +00:00 · 078daae9a1
commit 078daae9a1
parent 95a5002acf
3 changed files with 27 additions and 9 deletions
--- a/www/zope/Makefile
+++ b/www/zope/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.13 2002/07/09 12:32:34 matt Exp $
+# $OpenBSD: Makefile,v 1.14 2002/09/29 06:02:18 brad Exp $

 COMMENT=	"object-oriented web application server"

 VERSION=	2.5.1
-PORT_VERSION=	${VERSION}
+PORT_VERSION=	${VERSION}p1

 DISTNAME=	Zope-${VERSION}-src
 PKGNAME=	zope-${PORT_VERSION}
@ -23,10 +23,18 @@ MASTER_SITES=	http://www.zope.org/Products/Zope/${VERSION}/
 EXTRACT_SUFX=	.tgz
 EXTRACT_CASES=	*.tgz) gtar zxf ${FULLDISTDIR}/$$archive ;;

+DIST_SUBDIR=	zope
+
 MASTER_SITES0=	http://www.zope.org/Members/zigg/UnixSecurityPatch/
 PATCHFILES=	Zope-${VERSION}-unix-security.patch:0
 PATCH_DIST_STRIP=-p1

+HOTFIX_DATE1= 	2002-06-14
+MASTER_SITES1= 	http://www.zope.org/Products/Zope/Hotfix_${HOTFIX_DATE1}/
+
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX} \
+		Hotfix_${HOTFIX_DATE1}.tgz:1
+
 BUILD_DEPENDS=	:python->=2.1.2,<2.2:lang/python/2.1 \
 		:gtar-*:archivers/gtar					
 RUN_DEPENDS=	:python->=2.1.2,<2.2:lang/python/2.1
@ -78,6 +86,10 @@ do-install:
 		${PREFIX}/share/doc/zope/changenotes
 	echo "Zope ${VERSION} (OpenBSD package zope-${PORT_VERSION})" \
 		> ${PREFIX}/lib/zope/lib/python/version.txt
+	${INSTALL_DATA_DIR} ${PRODUCTSDIR}/Hotfix_${HOTFIX_DATE1}
+	${INSTALL_DATA} \
+		${WRKDIR}/lib/python/Products/Hotfix_${HOTFIX_DATE1}/* \
+		${PRODUCTSDIR}/Hotfix_${HOTFIX_DATE1}

 do-regress:
 	cd ${WRKSRC} && ${LOCALBASE}/bin/python2.1 utilities/testrunner.py -a
--- a/www/zope/distinfo
+++ b/www/zope/distinfo
@ -1,6 +1,9 @@
-MD5 (Zope-2.5.1-src.tgz) = 65d502b2acf986693576decad6b837cf
-MD5 (Zope-2.5.1-unix-security.patch) = 89324efb7f2f8846b2a05170c8c7a0e7
-RMD160 (Zope-2.5.1-src.tgz) = 3835ad67b93184416b2ff090642948fb11686c39
-RMD160 (Zope-2.5.1-unix-security.patch) = 6ee8fd7335d7b0d927327065966e930939b143fd
-SHA1 (Zope-2.5.1-src.tgz) = 6ef5ac94270a61541c4ca5da866e60395823658a
-SHA1 (Zope-2.5.1-unix-security.patch) = 4eb470c3a006b0ee76348712a19d0adc713dcc69
+MD5 (zope/Hotfix_2002-06-14.tgz) = 2897d702575070bbe0430e00f29a83ff
+MD5 (zope/Zope-2.5.1-src.tgz) = 65d502b2acf986693576decad6b837cf
+MD5 (zope/Zope-2.5.1-unix-security.patch) = 89324efb7f2f8846b2a05170c8c7a0e7
+RMD160 (zope/Hotfix_2002-06-14.tgz) = 51f5990a7018de88ada40f25b130ff88b05222e4
+RMD160 (zope/Zope-2.5.1-src.tgz) = 3835ad67b93184416b2ff090642948fb11686c39
+RMD160 (zope/Zope-2.5.1-unix-security.patch) = 6ee8fd7335d7b0d927327065966e930939b143fd
+SHA1 (zope/Hotfix_2002-06-14.tgz) = 9559701aa15512dcb890f2760b198693825b9587
+SHA1 (zope/Zope-2.5.1-src.tgz) = 6ef5ac94270a61541c4ca5da866e60395823658a
+SHA1 (zope/Zope-2.5.1-unix-security.patch) = 4eb470c3a006b0ee76348712a19d0adc713dcc69
--- a/www/zope/pkg/PLIST
+++ b/www/zope/pkg/PLIST
@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.8 2002/04/25 15:38:55 matt Exp $
+@comment $OpenBSD: PLIST,v 1.9 2002/09/29 06:02:19 brad Exp $
 bin/zope-instance
 lib/zope/Extensions/README.txt
 lib/zope/ZServer/DebugLogger.py
@ -905,6 +905,8 @@ lib/zope/lib/python/Products/ExternalMethod/tests/__init__.py
 lib/zope/lib/python/Products/ExternalMethod/tests/testExternalMethod.py
 lib/zope/lib/python/Products/ExternalMethod/version.txt
 lib/zope/lib/python/Products/ExternalMethod/www/function.gif
+lib/zope/lib/python/Products/Hotfix_2002-06-14/README.txt
+lib/zope/lib/python/Products/Hotfix_2002-06-14/__init__.py
 lib/zope/lib/python/Products/MIMETools/MIMETag.py
 lib/zope/lib/python/Products/MIMETools/MIMETag.pyc
 lib/zope/lib/python/Products/MIMETools/MIMETag.pyo
@ -2850,6 +2852,7 @@ share/doc/zope/changenotes/010620-2.4-btreeconflict.stx
@dirrm lib/zope/lib/python/Products/MailHost/dtml
@dirrm lib/zope/lib/python/Products/MailHost
@dirrm lib/zope/lib/python/Products/MIMETools
+@dirrm lib/zope/lib/python/Products/Hotfix_2002-06-14
@dirrm lib/zope/lib/python/Products/ExternalMethod/www
@dirrm lib/zope/lib/python/Products/ExternalMethod/tests/Extensions
@dirrm lib/zope/lib/python/Products/ExternalMethod/tests