diff options
| author | taca <taca@pkgsrc.org> | 2008-08-17 15:12:32 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2008-08-17 15:12:32 +0000 |
| commit | 6d0866fc1d43bd587668b1f9f7d3d991c03acd2e (patch) | |
| tree | 240b2ffbe64e7b716fe6e18c22b8a0d965f14de9 /www | |
| parent | b3ac0382d22aebf1b333e752cf26eb22b3030d3d (diff) | |
| download | pkgsrc-6d0866fc1d43bd587668b1f9f7d3d991c03acd2e.tar.gz | |
Add some changes from Zope's svn repository which should fix
Zope's security advisory 2008-08-12.
Bump PKGREVISION.
Diffstat (limited to 'www')
| -rw-r--r-- | www/zope210/Makefile | 3 | ||||
| -rw-r--r-- | www/zope210/distinfo | 4 | ||||
| -rw-r--r-- | www/zope210/patches/patch-aj | 19 | ||||
| -rw-r--r-- | www/zope210/patches/patch-ak | 109 | ||||
| -rw-r--r-- | www/zope211/Makefile | 3 | ||||
| -rw-r--r-- | www/zope211/distinfo | 4 | ||||
| -rw-r--r-- | www/zope211/patches/patch-aj | 19 | ||||
| -rw-r--r-- | www/zope211/patches/patch-ak | 109 | ||||
| -rw-r--r-- | www/zope29/Makefile | 3 | ||||
| -rw-r--r-- | www/zope29/distinfo | 4 | ||||
| -rw-r--r-- | www/zope29/patches/patch-ak | 19 | ||||
| -rw-r--r-- | www/zope29/patches/patch-al | 109 |
12 files changed, 399 insertions, 6 deletions
diff --git a/www/zope210/Makefile b/www/zope210/Makefile index 87844557b7b..b65322f59fd 100644 --- a/www/zope210/Makefile +++ b/www/zope210/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.6 2008/05/26 02:13:26 joerg Exp $ +# $NetBSD: Makefile,v 1.7 2008/08/17 15:12:57 taca Exp $ # FreeBSD Id: ports/www/zope29/Makefile,v 1.86 2006/08/03 15:53:04 garga Exp DISTNAME= Zope-${ZOPE210_VERSION}-final PKGNAME= ${ZOPE_PKG_PREFIX}-${ZOPE210_VERSION} +PKGREVISION= 1 CATEGORIES= www python MASTER_SITES= http://www.zope.org/Products/Zope/${ZOPE210_VERSION}/ EXTRACT_SUFX= .tgz diff --git a/www/zope210/distinfo b/www/zope210/distinfo index 447107c352f..f1ed45625c5 100644 --- a/www/zope210/distinfo +++ b/www/zope210/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2008/05/11 16:28:03 taca Exp $ +$NetBSD: distinfo,v 1.3 2008/08/17 15:12:57 taca Exp $ SHA1 (Zope-2.10.6-final.tgz) = d0689fd3a0eac8fbb0f44a81c3c1427660f4c76d RMD160 (Zope-2.10.6-final.tgz) = f0f62d8e4e23041c3fc77179310561678a4458cc @@ -12,3 +12,5 @@ SHA1 (patch-af) = 3b352c8bd6cc8f7360025d3d27267a0319cd6b17 SHA1 (patch-ag) = dffc88b9d087e01bf853441c4a9064a9184a310f SHA1 (patch-ah) = 360c8f69e1f23a9f0dec666d509e03e4ef55d93b SHA1 (patch-ai) = d7987483068b677aeab5ceb59dd8261e204065d7 +SHA1 (patch-aj) = afebb47b9c65af23c6d158b04608239731f1b7b3 +SHA1 (patch-ak) = 95633060bc99be604b75ac49e37e6483168bc362 diff --git a/www/zope210/patches/patch-aj b/www/zope210/patches/patch-aj new file mode 100644 index 00000000000..499c6622a64 --- /dev/null +++ b/www/zope210/patches/patch-aj @@ -0,0 +1,19 @@ +$NetBSD: patch-aj,v 1.1 2008/08/17 15:12:57 taca Exp $ + +Patch #1 corresponding to security advisory 2008-08-12. + +--- lib/python/Products/PythonScripts/PythonScript.py.orig 2008-05-10 15:33:18.000000000 +0900 ++++ lib/python/Products/PythonScripts/PythonScript.py +@@ -324,7 +324,11 @@ class PythonScript(Script, Historical, C + g['__file__'] = getattr(self, '_filepath', None) or self.get_filepath() + f = new.function(fcode, g, None, fadefs) + +- result = f(*args, **kw) ++ try: ++ result = f(*args, **kw) ++ except SystemExit: ++ raise ValueError('SystemExit cannot be raised within a PythonScript') ++ + if keyset is not None: + # Store the result in the cache. + self.ZCacheable_set(result, keywords=keyset) diff --git a/www/zope210/patches/patch-ak b/www/zope210/patches/patch-ak new file mode 100644 index 00000000000..6446e606243 --- /dev/null +++ b/www/zope210/patches/patch-ak @@ -0,0 +1,109 @@ +$NetBSD: patch-ak,v 1.1 2008/08/17 15:12:57 taca Exp $ + +Patch #2 corresponding to security advisory 2008-08-12. + +--- lib/python/Products/PythonScripts/__init__.py.orig 2008-05-10 15:35:03.000000000 +0900 ++++ lib/python/Products/PythonScripts/__init__.py +@@ -61,3 +61,102 @@ def recompile(self): + if names: + return 'The following Scripts were recompiled:\n' + '\n'.join(names) + return 'No Scripts were found that required recompilation.' ++ ++ ++# Monkey patch for LP #257276 ++ ++# This code is taken from the encodings module of Python 2.4. ++# Note that this code is originally (C) CNRI and it is possibly not compatible ++# with the ZPL and therefore should not live within svn.zope.org. However this ++# checkin is blessed by Jim Fulton for now. The fix is no longer required with ++# Python 2.5 and hopefully fixed in Python 2.4.6 release. ++ ++ ++# Written by Marc-Andre Lemburg (mal@lemburg.com). ++# (c) Copyright CNRI, All Rights Reserved. NO WARRANTY. ++ ++def search_function(encoding): ++ ++ # Cache lookup ++ entry = _cache.get(encoding, _unknown) ++ if entry is not _unknown: ++ return entry ++ ++ # Import the module: ++ # ++ # First try to find an alias for the normalized encoding ++ # name and lookup the module using the aliased name, then try to ++ # lookup the module using the standard import scheme, i.e. first ++ # try in the encodings package, then at top-level. ++ # ++ norm_encoding = normalize_encoding(encoding) ++ aliased_encoding = _aliases.get(norm_encoding) or \ ++ _aliases.get(norm_encoding.replace('.', '_')) ++ if aliased_encoding is not None: ++ modnames = [aliased_encoding, ++ norm_encoding] ++ else: ++ modnames = [norm_encoding] ++ for modname in modnames: ++ ++ if not modname or '.' in modname: ++ continue ++ ++ try: ++ mod = __import__(modname, ++ globals(), locals(), _import_tail) ++ if not mod.__name__.startswith('encodings.'): ++ continue ++ ++ except ImportError: ++ pass ++ else: ++ break ++ else: ++ mod = None ++ ++ try: ++ getregentry = mod.getregentry ++ except AttributeError: ++ # Not a codec module ++ mod = None ++ ++ if mod is None: ++ # Cache misses ++ _cache[encoding] = None ++ return None ++ ++ # Now ask the module for the registry entry ++ entry = tuple(getregentry()) ++ if len(entry) != 4: ++ raise CodecRegistryError,\ ++ 'module "%s" (%s) failed to register' % \ ++ (mod.__name__, mod.__file__) ++ for obj in entry: ++ if not callable(obj): ++ raise CodecRegistryError,\ ++ 'incompatible codecs in module "%s" (%s)' % \ ++ (mod.__name__, mod.__file__) ++ ++ # Cache the codec registry entry ++ _cache[encoding] = entry ++ ++ # Register its aliases (without overwriting previously registered ++ # aliases) ++ try: ++ codecaliases = mod.getaliases() ++ except AttributeError: ++ pass ++ else: ++ for alias in codecaliases: ++ if not _aliases.has_key(alias): ++ _aliases[alias] = modname ++ ++ # Return the registry entry ++ return entry ++ ++ ++# MONKEY ++ ++import encodings ++encodings.search_function.func_code = search_function.func_code diff --git a/www/zope211/Makefile b/www/zope211/Makefile index a19af77ab5b..b3e5421c722 100644 --- a/www/zope211/Makefile +++ b/www/zope211/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.2 2008/07/20 02:14:23 taca Exp $ +# $NetBSD: Makefile,v 1.3 2008/08/17 15:13:23 taca Exp $ # DISTNAME= Zope-${ZOPE211_VERSION}-final PKGNAME= ${ZOPE_PKG_PREFIX}-${ZOPE211_VERSION} +PKGREVISION= 1 CATEGORIES= www python MASTER_SITES= http://www.zope.org/Products/Zope/${ZOPE211_VERSION}/ EXTRACT_SUFX= .tgz diff --git a/www/zope211/distinfo b/www/zope211/distinfo index a7df428236f..df9188c1732 100644 --- a/www/zope211/distinfo +++ b/www/zope211/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2008/07/20 02:14:23 taca Exp $ +$NetBSD: distinfo,v 1.3 2008/08/17 15:13:23 taca Exp $ SHA1 (Zope-2.11.1-final.tgz) = ab9058a4cdb2a18716d8f53f048d98380b1c560b RMD160 (Zope-2.11.1-final.tgz) = 4ba17ff14b49ca480bef59775c0decfcce2b6a05 @@ -12,3 +12,5 @@ SHA1 (patch-af) = 3b352c8bd6cc8f7360025d3d27267a0319cd6b17 SHA1 (patch-ag) = dffc88b9d087e01bf853441c4a9064a9184a310f SHA1 (patch-ah) = 360c8f69e1f23a9f0dec666d509e03e4ef55d93b SHA1 (patch-ai) = d7987483068b677aeab5ceb59dd8261e204065d7 +SHA1 (patch-aj) = a69e08c7f9a705056d13c5c7bff0dbfef1d53da6 +SHA1 (patch-ak) = 95633060bc99be604b75ac49e37e6483168bc362 diff --git a/www/zope211/patches/patch-aj b/www/zope211/patches/patch-aj new file mode 100644 index 00000000000..b99650b141b --- /dev/null +++ b/www/zope211/patches/patch-aj @@ -0,0 +1,19 @@ +$NetBSD: patch-aj,v 1.1 2008/08/17 15:13:23 taca Exp $ + +Patch #1 corresponding to security advisory 2008-08-12. + +--- lib/python/Products/PythonScripts/PythonScript.py.orig 2008-07-17 00:42:18.000000000 +0900 ++++ lib/python/Products/PythonScripts/PythonScript.py +@@ -324,7 +324,11 @@ class PythonScript(Script, Historical, C + g['__file__'] = getattr(self, '_filepath', None) or self.get_filepath() + f = new.function(fcode, g, None, fadefs) + +- result = f(*args, **kw) ++ try: ++ result = f(*args, **kw) ++ except SystemExit: ++ raise ValueError('SystemExit cannot be raised within a PythonScript') ++ + if keyset is not None: + # Store the result in the cache. + self.ZCacheable_set(result, keywords=keyset) diff --git a/www/zope211/patches/patch-ak b/www/zope211/patches/patch-ak new file mode 100644 index 00000000000..330fa185658 --- /dev/null +++ b/www/zope211/patches/patch-ak @@ -0,0 +1,109 @@ +$NetBSD: patch-ak,v 1.1 2008/08/17 15:13:23 taca Exp $ + +Patch #2 corresponding to security advisory 2008-08-12. + +--- lib/python/Products/PythonScripts/__init__.py.orig 2008-05-10 15:35:03.000000000 +0900 ++++ lib/python/Products/PythonScripts/__init__.py +@@ -61,3 +61,102 @@ def recompile(self): + if names: + return 'The following Scripts were recompiled:\n' + '\n'.join(names) + return 'No Scripts were found that required recompilation.' ++ ++ ++# Monkey patch for LP #257276 ++ ++# This code is taken from the encodings module of Python 2.4. ++# Note that this code is originally (C) CNRI and it is possibly not compatible ++# with the ZPL and therefore should not live within svn.zope.org. However this ++# checkin is blessed by Jim Fulton for now. The fix is no longer required with ++# Python 2.5 and hopefully fixed in Python 2.4.6 release. ++ ++ ++# Written by Marc-Andre Lemburg (mal@lemburg.com). ++# (c) Copyright CNRI, All Rights Reserved. NO WARRANTY. ++ ++def search_function(encoding): ++ ++ # Cache lookup ++ entry = _cache.get(encoding, _unknown) ++ if entry is not _unknown: ++ return entry ++ ++ # Import the module: ++ # ++ # First try to find an alias for the normalized encoding ++ # name and lookup the module using the aliased name, then try to ++ # lookup the module using the standard import scheme, i.e. first ++ # try in the encodings package, then at top-level. ++ # ++ norm_encoding = normalize_encoding(encoding) ++ aliased_encoding = _aliases.get(norm_encoding) or \ ++ _aliases.get(norm_encoding.replace('.', '_')) ++ if aliased_encoding is not None: ++ modnames = [aliased_encoding, ++ norm_encoding] ++ else: ++ modnames = [norm_encoding] ++ for modname in modnames: ++ ++ if not modname or '.' in modname: ++ continue ++ ++ try: ++ mod = __import__(modname, ++ globals(), locals(), _import_tail) ++ if not mod.__name__.startswith('encodings.'): ++ continue ++ ++ except ImportError: ++ pass ++ else: ++ break ++ else: ++ mod = None ++ ++ try: ++ getregentry = mod.getregentry ++ except AttributeError: ++ # Not a codec module ++ mod = None ++ ++ if mod is None: ++ # Cache misses ++ _cache[encoding] = None ++ return None ++ ++ # Now ask the module for the registry entry ++ entry = tuple(getregentry()) ++ if len(entry) != 4: ++ raise CodecRegistryError,\ ++ 'module "%s" (%s) failed to register' % \ ++ (mod.__name__, mod.__file__) ++ for obj in entry: ++ if not callable(obj): ++ raise CodecRegistryError,\ ++ 'incompatible codecs in module "%s" (%s)' % \ ++ (mod.__name__, mod.__file__) ++ ++ # Cache the codec registry entry ++ _cache[encoding] = entry ++ ++ # Register its aliases (without overwriting previously registered ++ # aliases) ++ try: ++ codecaliases = mod.getaliases() ++ except AttributeError: ++ pass ++ else: ++ for alias in codecaliases: ++ if not _aliases.has_key(alias): ++ _aliases[alias] = modname ++ ++ # Return the registry entry ++ return entry ++ ++ ++# MONKEY ++ ++import encodings ++encodings.search_function.func_code = search_function.func_code diff --git a/www/zope29/Makefile b/www/zope29/Makefile index f9b2d5e6503..ce18531889c 100644 --- a/www/zope29/Makefile +++ b/www/zope29/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.19 2008/05/26 02:13:26 joerg Exp $ +# $NetBSD: Makefile,v 1.20 2008/08/17 15:12:32 taca Exp $ # FreeBSD Id: ports/www/zope29/Makefile,v 1.86 2006/08/03 15:53:04 garga Exp DISTNAME= Zope-${ZOPE29_VERSION}-final PKGNAME= ${ZOPE_PKG_PREFIX}-${ZOPE29_VERSION} +PKGREVISION= 1 CATEGORIES= www python MASTER_SITES= http://www.zope.org/Products/Zope/${ZOPE29_VERSION}/ EXTRACT_SUFX= .tgz diff --git a/www/zope29/distinfo b/www/zope29/distinfo index c544a7e0d14..53e24d8caf6 100644 --- a/www/zope29/distinfo +++ b/www/zope29/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.6 2008/05/11 16:27:17 taca Exp $ +$NetBSD: distinfo,v 1.7 2008/08/17 15:12:32 taca Exp $ SHA1 (Zope-2.9.9-final.tgz) = decf69899c3d80cf13330373b1cf92351b490fb7 RMD160 (Zope-2.9.9-final.tgz) = 1818a1bb77bf300c113d10551a7896108bc6c8e3 @@ -13,3 +13,5 @@ SHA1 (patch-ag) = 17fb07285da587350e0c742bf941ec06798fdc0e SHA1 (patch-ah) = 6295b0a344bd6ad9c2f61842e1aa0b90c9578cd6 SHA1 (patch-ai) = 7c631001a397e72b799e2a663a8af0d4f68ef5e1 SHA1 (patch-aj) = bc0366b715714dd96e51cca30cff6c28f290bcda +SHA1 (patch-ak) = fd3d315b5f9f92a07032dd8a7d1979757d681cea +SHA1 (patch-al) = 95633060bc99be604b75ac49e37e6483168bc362 diff --git a/www/zope29/patches/patch-ak b/www/zope29/patches/patch-ak new file mode 100644 index 00000000000..46da24130da --- /dev/null +++ b/www/zope29/patches/patch-ak @@ -0,0 +1,19 @@ +$NetBSD: patch-ak,v 1.1 2008/08/17 15:12:32 taca Exp $ + +Patch #1 corresponding to security advisory 2008-08-12. + +--- lib/python/Products/PythonScripts/PythonScript.py.orig 2008-05-10 15:35:03.000000000 +0900 ++++ lib/python/Products/PythonScripts/PythonScript.py +@@ -323,7 +323,11 @@ class PythonScript(Script, Historical, C + g['__file__'] = getattr(self, '_filepath', None) or self.get_filepath() + f = new.function(fcode, g, None, fadefs) + +- result = f(*args, **kw) ++ try: ++ result = f(*args, **kw) ++ except SystemExit: ++ raise ValueError('SystemExit cannot be raised within a PythonScript') ++ + if keyset is not None: + # Store the result in the cache. + self.ZCacheable_set(result, keywords=keyset) diff --git a/www/zope29/patches/patch-al b/www/zope29/patches/patch-al new file mode 100644 index 00000000000..bc4e8326868 --- /dev/null +++ b/www/zope29/patches/patch-al @@ -0,0 +1,109 @@ +$NetBSD: patch-al,v 1.1 2008/08/17 15:12:32 taca Exp $ + +Patch #2 corresponding to security advisory 2008-08-12. + +--- lib/python/Products/PythonScripts/__init__.py.orig 2008-05-10 15:35:03.000000000 +0900 ++++ lib/python/Products/PythonScripts/__init__.py +@@ -61,3 +61,102 @@ def recompile(self): + if names: + return 'The following Scripts were recompiled:\n' + '\n'.join(names) + return 'No Scripts were found that required recompilation.' ++ ++ ++# Monkey patch for LP #257276 ++ ++# This code is taken from the encodings module of Python 2.4. ++# Note that this code is originally (C) CNRI and it is possibly not compatible ++# with the ZPL and therefore should not live within svn.zope.org. However this ++# checkin is blessed by Jim Fulton for now. The fix is no longer required with ++# Python 2.5 and hopefully fixed in Python 2.4.6 release. ++ ++ ++# Written by Marc-Andre Lemburg (mal@lemburg.com). ++# (c) Copyright CNRI, All Rights Reserved. NO WARRANTY. ++ ++def search_function(encoding): ++ ++ # Cache lookup ++ entry = _cache.get(encoding, _unknown) ++ if entry is not _unknown: ++ return entry ++ ++ # Import the module: ++ # ++ # First try to find an alias for the normalized encoding ++ # name and lookup the module using the aliased name, then try to ++ # lookup the module using the standard import scheme, i.e. first ++ # try in the encodings package, then at top-level. ++ # ++ norm_encoding = normalize_encoding(encoding) ++ aliased_encoding = _aliases.get(norm_encoding) or \ ++ _aliases.get(norm_encoding.replace('.', '_')) ++ if aliased_encoding is not None: ++ modnames = [aliased_encoding, ++ norm_encoding] ++ else: ++ modnames = [norm_encoding] ++ for modname in modnames: ++ ++ if not modname or '.' in modname: ++ continue ++ ++ try: ++ mod = __import__(modname, ++ globals(), locals(), _import_tail) ++ if not mod.__name__.startswith('encodings.'): ++ continue ++ ++ except ImportError: ++ pass ++ else: ++ break ++ else: ++ mod = None ++ ++ try: ++ getregentry = mod.getregentry ++ except AttributeError: ++ # Not a codec module ++ mod = None ++ ++ if mod is None: ++ # Cache misses ++ _cache[encoding] = None ++ return None ++ ++ # Now ask the module for the registry entry ++ entry = tuple(getregentry()) ++ if len(entry) != 4: ++ raise CodecRegistryError,\ ++ 'module "%s" (%s) failed to register' % \ ++ (mod.__name__, mod.__file__) ++ for obj in entry: ++ if not callable(obj): ++ raise CodecRegistryError,\ ++ 'incompatible codecs in module "%s" (%s)' % \ ++ (mod.__name__, mod.__file__) ++ ++ # Cache the codec registry entry ++ _cache[encoding] = entry ++ ++ # Register its aliases (without overwriting previously registered ++ # aliases) ++ try: ++ codecaliases = mod.getaliases() ++ except AttributeError: ++ pass ++ else: ++ for alias in codecaliases: ++ if not _aliases.has_key(alias): ++ _aliases[alias] = modname ++ ++ # Return the registry entry ++ return entry ++ ++ ++# MONKEY ++ ++import encodings ++encodings.search_function.func_code = search_function.func_code |