From b87763c5ef936be929d6e21b7c4fbb90b1f0273c Mon Sep 17 00:00:00 2001 From: fhajny Date: Wed, 29 Apr 2015 14:11:09 +0000 Subject: Fix CVE-2015-1397, CVE-2015-1398 & CVE-2015-1399 via upstream patches. Implement way to apply upstream patches using PATCHFILES. Bump PKGREVISION. --- finance/magento/Makefile | 20 ++++++++++++++++++-- finance/magento/PLIST | 3 ++- finance/magento/distinfo | 14 ++++++++++---- 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/finance/magento/Makefile b/finance/magento/Makefile index a0f2deda76d..a1f5516e7de 100644 --- a/finance/magento/Makefile +++ b/finance/magento/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.1 2014/12/12 12:52:47 fhajny Exp $ +# $NetBSD: Makefile,v 1.2 2015/04/29 14:11:09 fhajny Exp $ DISTNAME= magento-1.9.1.0 +PKGREVISION= 1 CATEGORIES= www finance MASTER_SITES= http://www.magentocommerce.com/downloads/assets/${PKGVERSION_NOREV}/ @@ -9,6 +10,11 @@ HOMEPAGE= http://www.magentocommerce.com/ COMMENT= Feature-rich eCommerce platform LICENSE= osl +DIST_SUBDIR= magento +PATCH_SITES= http://www.magentocommerce.com/downloads/assets/ce_patches/ +PATCHFILES= PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh +PATCHFILES+= PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh + DEPENDS+= ${PHP_PKG_PREFIX}-curl-[0-9]*:../../www/php-curl DEPENDS+= ${PHP_PKG_PREFIX}-dom-[0-9]*:../../textproc/php-dom DEPENDS+= ${PHP_PKG_PREFIX}-gd-[0-9]*:../../graphics/php-gd @@ -23,7 +29,7 @@ DEPENDS+= ${PHP_PKG_PREFIX}-zlib-[0-9]*:../../archivers/php-zlib WRKSRC= ${WRKDIR}/magento USE_LANGUAGES= # none -USE_TOOLS+= pax +USE_TOOLS+= date pax NO_BUILD= yes .include "../../lang/php/phpversion.mk" @@ -49,6 +55,9 @@ MODULEFILES= Cm_RedisSession.xml Mage_All.xml Mage_Api.xml Mage_Api2.xml \ Mage_Persistent.xml Mage_Weee.xml Mage_Widget.xml \ Mage_XmlConnect.xml Phoenix_Moneybookers.xml +CONF_FILES_PERMS+= share/examples/magento/applied.patches.list \ + ${PKG_SYSCONFDIR}/applied.patches.list \ + ${MAGENTO_OWN} ${MAGENTO_GRP} 0640 CONF_FILES_PERMS+= share/examples/magento/local.xml.template \ ${PKG_SYSCONFDIR}/local.xml.template \ ${MAGENTO_OWN} ${MAGENTO_GRP} 0640 @@ -68,6 +77,13 @@ PKG_SYSCONFDIR_PERMS= ${MAGENTO_OWN} ${MAGENTO_GRP} 0750 MAKE_DIRS_PERMS+= ${PKG_SYSCONFDIR}/modules ${MAGENTO_OWN} ${MAGENTO_GRP} 0750 OWN_DIRS_PERMS+= ${MAGENTO_DIR} ${MAGENTO_OWN} ${MAGENTO_GRP} 0750 +# Make note of the patches applied, same way the upstream patch scripts do +post-patch: +.for file in ${PATCHFILES} + ${ECHO_N} `${DATE} -u +"%F %T UTC"`' | ' >> ${WRKSRC}/app/etc/applied.patches.list + ${GREP} '^SUPEE-' ${DISTDIR}/${DIST_SUBDIR}/${file} >> ${WRKSRC}/app/etc/applied.patches.list +.endfor + do-install: cd ${WRKSRC} && pax -rw -p pp * ${DESTDIR}${PREFIX}/share/magento cd ${DESTDIR}${PREFIX}/share/magento/app/etc && \ diff --git a/finance/magento/PLIST b/finance/magento/PLIST index dee73405f3b..fa7d421e69b 100644 --- a/finance/magento/PLIST +++ b/finance/magento/PLIST @@ -1,4 +1,5 @@ -@comment $NetBSD: PLIST,v 1.1 2014/12/12 12:52:47 fhajny Exp $ +@comment $NetBSD: PLIST,v 1.2 2015/04/29 14:11:09 fhajny Exp $ +share/examples/magento/applied.patches.list share/examples/magento/config.xml share/examples/magento/local.xml.additional share/examples/magento/local.xml.template diff --git a/finance/magento/distinfo b/finance/magento/distinfo index c55bb26cc28..763efd33381 100644 --- a/finance/magento/distinfo +++ b/finance/magento/distinfo @@ -1,5 +1,11 @@ -$NetBSD: distinfo,v 1.1 2014/12/12 12:52:47 fhajny Exp $ +$NetBSD: distinfo,v 1.2 2015/04/29 14:11:09 fhajny Exp $ -SHA1 (magento-1.9.1.0.tar.gz) = 4f7064f4a5bc46298979e8b37208be6fdaf20002 -RMD160 (magento-1.9.1.0.tar.gz) = c2d3913ada02bcf2352643f65e859060c247a967 -Size (magento-1.9.1.0.tar.gz) = 23822215 bytes +SHA1 (magento/PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh) = ed08f33cfc8a35c0c38d9264bb94723d6a544450 +RMD160 (magento/PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh) = bd9729743ccc4c028b5354f06f669b142edd3815 +Size (magento/PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh) = 6173 bytes +SHA1 (magento/PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh) = 56619b0244c86c07ebce84b88cc0f4d4ff8ec885 +RMD160 (magento/PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh) = 079e5191f484ad9682da45e3a0ce078ecba4ab6d +Size (magento/PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh) = 10551 bytes +SHA1 (magento/magento-1.9.1.0.tar.gz) = 4f7064f4a5bc46298979e8b37208be6fdaf20002 +RMD160 (magento/magento-1.9.1.0.tar.gz) = c2d3913ada02bcf2352643f65e859060c247a967 +Size (magento/magento-1.9.1.0.tar.gz) = 23822215 bytes -- cgit v1.2.3