author | Alfredo Tupone <tupone@gentoo.org> | 2008-10-22 19:31:56 +0000 |
---|---|---|
committer | Alfredo Tupone <tupone@gentoo.org> | 2008-10-22 19:31:56 +0000 |
commit | 40d9273c9add7edf4a3eccc3348eb8fd0a0b1c56 (patch) | |
tree | 9cdb28bc7034f85a838c610395afa19f43174def /net-zope | |
parent | hppa stable, #192989 (diff) | |
Removing version 2.9.3, which is vulnerable to CVE-2007-0240
(Portage version: 2.1.4.5)
Diffstat (limited to 'net-zope')
-rw-r--r-- | net-zope/zope/ChangeLog | 7 | ||||
-rw-r--r-- | net-zope/zope/files/2.9/zope-2.9.4_logerror.patch | 63 | ||||
-rw-r--r-- | net-zope/zope/files/i18n-1.0.0.patch | 184 | ||||
-rw-r--r-- | net-zope/zope/zope-2.9.3.ebuild | 74 |
4 files changed, 6 insertions, 322 deletions
diff --git a/net-zope/zope/ChangeLog b/net-zope/zope/ChangeLog index 77c2dbf7ca63..a1bbdd69e819 100644 --- a/net-zope/zope/ChangeLog +++ b/net-zope/zope/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-zope/zope # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/ChangeLog,v 1.141 2008/07/08 06:30:50 tupone Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/ChangeLog,v 1.142 2008/10/22 19:31:55 tupone Exp $ + + 22 Oct 2008; <tupone@gentoo.org> -files/i18n-1.0.0.patch, + -files/2.9/zope-2.9.4_logerror.patch, -zope-2.9.3.ebuild: + Removing version 2.9.3 vulnerable to CVE-2007-0240: Hotfix for cross-site + scripting vulnerability 08 Jul 2008; Tupone Alfredo <tupone@gentoo.org> -files/2.7.8/i18n-1.0.0.patch, -files/2.6.4/zope.confd, diff --git a/net-zope/zope/files/2.9/zope-2.9.4_logerror.patch b/net-zope/zope/files/2.9/zope-2.9.4_logerror.patch deleted file mode 100644 index b0c04eae745c..000000000000 --- a/net-zope/zope/files/2.9/zope-2.9.4_logerror.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -diff -Naur Zope-2.9.4-final-orig/lib/python/App/RefreshFuncs.py Zope-2.9.4-final/lib/python/App/RefreshFuncs.py ---- Zope-2.9.4-final-orig/lib/python/App/RefreshFuncs.py 2006-07-20 05:31:19.000000000 +0000 -+++ Zope-2.9.4-final/lib/python/App/RefreshFuncs.py 2006-08-25 11:15:28.000000000 +0000 -@@ -140,7 +140,7 @@ - exc = sys.exc_info() - try: - logger.error('Exception while refreshing %s' -- % productid, error=exc) -+ % productid, exc_info=exc) - if hasattr(exc[0], '__name__'): - error_type = exc[0].__name__ - else: -diff -Naur Zope-2.9.4-final-orig/lib/python/OFS/ObjectManager.py Zope-2.9.4-final/lib/python/OFS/ObjectManager.py ---- Zope-2.9.4-final-orig/lib/python/OFS/ObjectManager.py 2006-07-20 05:31:20.000000000 +0000 -+++ Zope-2.9.4-final/lib/python/OFS/ObjectManager.py 2006-08-25 11:15:42.000000000 +0000 -@@ -675,7 +675,7 @@ - stat=marshal.loads(v.manage_FTPstat(REQUEST)) - except: - logger.error("Failed to stat file '%s'" % k, -- error=sys.exc_info()) -+ exc_info=sys.exc_info()) - stat=None - if stat is not None: - out=out+((k,stat),) -diff -Naur Zope-2.9.4-final-orig/lib/python/Shared/DC/ZRDB/Connection.py Zope-2.9.4-final/lib/python/Shared/DC/ZRDB/Connection.py ---- Zope-2.9.4-final-orig/lib/python/Shared/DC/ZRDB/Connection.py 2006-07-20 05:31:21.000000000 +0000 -+++ Zope-2.9.4-final/lib/python/Shared/DC/ZRDB/Connection.py 2006-08-25 11:10:27.000000000 +0000 -@@ -71,7 +71,7 @@ - try: self.connect(self.connection_string) - except: - logger.error('Error connecting to relational database.', -- error=exc_info()) -+ exc_info=exc_info()) - - def title_and_id(self): - s=Connection.inheritedAttribute('title_and_id')(self) -@@ -151,7 +151,7 @@ - self._v_database_connection.close() - except: - logger.error('Error closing relational database connection.', -- error=exc_info()) -+ exc_info=exc_info()) - self._v_connected='' - if REQUEST is not None: - return self.manage_main(self, REQUEST) -diff -Naur 
Zope-2.9.4-final-orig/lib/python/ZPublisher/BeforeTraverse.py Zope-2.9.4-final/lib/python/ZPublisher/BeforeTraverse.py ---- Zope-2.9.4-final-orig/lib/python/ZPublisher/BeforeTraverse.py 2006-07-20 05:31:19.000000000 +0000 -+++ Zope-2.9.4-final/lib/python/ZPublisher/BeforeTraverse.py 2006-08-25 11:14:32.000000000 +0000 -@@ -105,7 +105,7 @@ - cob(container, request) - except TypeError: - self.logger.error('%s call %s failed.' % ( -- `self._hookname`, `cob`), error=sys.exc_info()) -+ `self._hookname`, `cob`), exc_info=sys.exc_info()) - - def add(self, cob): - self._list.append(cob) -@@ -153,4 +153,4 @@ - # the programmer may want to raise them deliberately. - import sys - self.logger.error('Error while invoking hook: "%s"' -- % self.name, error=sys.exc_info()) -+ % self.name, exc_info=sys.exc_info()) diff --git a/net-zope/zope/files/i18n-1.0.0.patch b/net-zope/zope/files/i18n-1.0.0.patch deleted file mode 100644 index 9cbf0ba65ee2..000000000000 --- a/net-zope/zope/files/i18n-1.0.0.patch +++ /dev/null 
@@ -1,184 +0,0 @@ -? encode.diff -? i18n-0.9.9.patch -? i18n-1.0.0.patch -? i18n.patch -? run_tests -? test.diff -Index: ClassicStructuredText.py -=================================================================== -RCS file: /var/lib/cvs/nkm/zope/StructuredText/ClassicStructuredText.py,v -retrieving revision 1.1.1.2 -retrieving revision 1.1.1.1.2.1 -diff -u -r1.1.1.2 -r1.1.1.1.2.1 -Index: DocumentClass.py -=================================================================== -RCS file: /var/lib/cvs/nkm/zope/StructuredText/DocumentClass.py,v -retrieving revision 1.1.1.1 -diff -u -r1.1.1.1 DocumentClass.py ---- DocumentClass.py 15 Apr 2003 15:13:52 -0000 1.1.1.1 -+++ DocumentClass.py 9 Nov 2003 18:02:30 -0000 -@@ -789,7 +789,7 @@ - - def doc_literal( - self, s, -- expr = re.compile(r"(\W+|^)'([%s%s%s\s]+)'([%s]+|$)" % (letters, digits, literal_punc, phrase_delimiters)).search,): -+ expr = re.compile(r"(\W+|^)'((?:\w|[%s%s\s])+)'([%s]+|$)" % (digits, literal_punc, phrase_delimiters), re.U).search,): - - # old expr... failed to cross newlines. 
- # expr=re.compile( -@@ -807,7 +807,9 @@ - - def doc_emphasize( - self, s, -- expr = re.compile(r'\*([%s%s%s\s]+?)\*' % (letters, digits, strongem_punc)).search -+ # i18nal variant -+ expr = re.compile(r'\*((?:\w|[%s\s])+?)\*' % (strongem_punc), re.U).search -+ #expr = re.compile(r'\*([%s%s%s\s]+?)\*' % (letters, digits, strongem_punc)).search - #expr = re.compile(r'\s*\*([ \n\r%s0-9.:/;,\'\"\?\-\_\/\=\-\>\<\(\)]+)\*(?!\*|-)' % letters).search # old expr, inconsistent punctuation - ): - -@@ -853,7 +855,7 @@ - - def doc_underline(self, - s, -- expr=re.compile(r'_([%s%s%s\s]+)_([\s%s]|$)' % (letters, digits, under_punc,phrase_delimiters)).search): -+ expr=re.compile(r'_((?:\w|[%s\s])+)_([\s%s]|$)' % (under_punc,phrase_delimiters), re.U).search): - - result = expr(s) - if result: -@@ -867,7 +869,7 @@ - - def doc_strong(self, - s, -- expr = re.compile(r'\*\*([%s%s%s\s]+?)\*\*' % (letters, digits, strongem_punc)).search -+ expr = re.compile(r'\*\*((?:\w|[%s%s\s])+?)\*\*' % (digits, strongem_punc), re.U).search - #expr = re.compile(r'\s*\*\*([ \n\r%s0-9.:/;,\'\"\?\-\_\/\=\-\>\<\(\)]+)\*\*(?!\*|-)' % letters).search, # old expr, inconsistent punc, failed to cross newlines. - ): - -@@ -879,7 +881,7 @@ - return None - - ## Some constants to make the doc_href() regex easier to read. 
-- _DQUOTEDTEXT = r'("[ %s0-9\n\r%s]+")' % (letters,dbl_quoted_punc) ## double quoted text -+ _DQUOTEDTEXT = r'("[^"]+")' - _ABSOLUTE_URL=r'((http|https|ftp|mailto|file|about)[:/]+?[%s0-9_\@\.\,\?\!\/\:\;\-\#\~\=\&\%%\+]+)' % letters - _ABS_AND_RELATIVE_URL=r'([%s0-9_\@\.\,\?\!\/\:\;\-\#\~\=\&\%%\+]+)' % letters - -@@ -887,12 +889,12 @@ - - - def doc_href1(self, s, -- expr=re.compile(_DQUOTEDTEXT + "(:)" + _ABS_AND_RELATIVE_URL + _SPACES).search -+ expr=re.compile(_DQUOTEDTEXT + "(:)" + _ABS_AND_RELATIVE_URL + _SPACES, re.U).search - ): - return self.doc_href(s, expr) - - def doc_href2(self, s, -- expr=re.compile(_DQUOTEDTEXT + r'(\,\s+)' + _ABSOLUTE_URL + _SPACES).search -+ expr=re.compile(_DQUOTEDTEXT + r'(\,\s+)' + _ABSOLUTE_URL + _SPACES, re.U).search - ): - return self.doc_href(s, expr) - -Index: DocumentWithImages.py -=================================================================== -RCS file: /var/lib/cvs/nkm/zope/StructuredText/DocumentWithImages.py,v -retrieving revision 1.1.1.1 -retrieving revision 1.2 -diff -u -r1.1.1.1 -r1.2 ---- DocumentWithImages.py 15 Apr 2003 15:13:52 -0000 1.1.1.1 -+++ DocumentWithImages.py 15 Apr 2003 15:16:25 -0000 1.2 -@@ -30,12 +30,12 @@ - - def doc_img( - self, s, -- expr1=re.compile('\"([ _a-zA-Z0-9*.:/;,\-\n\~]+)\":img:([a-zA-Z0-9\_\-.:/;,\n\~]+)').search, -- expr2=re.compile('\"([ _a-zA-Z0-9*.:/;,\-\n\~]+)\":img:([a-zA-Z0-9\_\-.:/;,\n\~]+):([a-zA-Z0-9_\-.:/;,\n\~]+)').search -+ expr1=re.compile('\"((?:\w|[ *.:/;,\-\n\~])+)\":img:([a-zA-Z0-9\_\-.:/;,\n\~]+)', re.U).search, -+ expr2=re.compile('\"((?:\w|[ *.:/;,\-\n\~])+)\":img:([a-zA-Z0-9\_\-.:/;,\n\~]+):([a-zA-Z0-9_\-.:/;,\n\~]+)', re.U).search - ): -- - r = expr2(s) - if r: -+ - - # Warning: the regex are getting confused when the string after :img: - # is an URL containing ":" (Collector #2276) -Index: HTMLClass.py -=================================================================== -RCS file: /var/lib/cvs/nkm/zope/StructuredText/HTMLClass.py,v -retrieving revision 
1.1.1.1 -retrieving revision 1.2.2.2 -diff -u -r1.1.1.1 -r1.2.2.2 -Index: ST.py -=================================================================== -RCS file: /var/lib/cvs/nkm/zope/StructuredText/ST.py,v -retrieving revision 1.1.1.1 -retrieving revision 1.2 -diff -u -r1.1.1.1 -r1.2 ---- ST.py 15 Apr 2003 15:13:53 -0000 1.1.1.1 -+++ ST.py 15 Apr 2003 15:16:25 -0000 1.2 -@@ -115,6 +115,9 @@ - Structure => [paragraph,[sub-paragraphs]] - """ - -+ if type(paragraphs) == type(''): -+ paragraphs = unicode(paragraphs, 'utf-8') -+ - currentlevel = 0 - currentindent = 0 - levels = {0:0} -Index: Zwiki.py -=================================================================== -RCS file: /var/lib/cvs/nkm/zope/StructuredText/Zwiki.py,v -retrieving revision 1.1.1.2 -retrieving revision 1.1.1.1.2.1 -diff -u -r1.1.1.2 -r1.1.1.1.2.1 -Index: test.py -=================================================================== -RCS file: /var/lib/cvs/nkm/zope/StructuredText/test.py,v -retrieving revision 1.1.1.1 -retrieving revision 1.1.2.1 -diff -u -r1.1.1.1 -r1.1.2.1 -Index: tests/__init__.py -=================================================================== -RCS file: /var/lib/cvs/nkm/zope/StructuredText/tests/__init__.py,v -retrieving revision 1.1.1.1 -retrieving revision 1.1.2.1 -diff -u -r1.1.1.1 -r1.1.2.1 -Index: tests/testStructuredText.py -=================================================================== -RCS file: /var/lib/cvs/nkm/zope/StructuredText/tests/testStructuredText.py,v -retrieving revision 1.1.1.1 -retrieving revision 1.1.1.1.2.3 -diff -u -r1.1.1.1 -r1.1.1.1.2.3 ---- tests/testStructuredText.py 15 Apr 2003 15:13:56 -0000 1.1.1.1 -+++ tests/testStructuredText.py 7 Nov 2003 12:12:32 -0000 1.1.1.1.2.3 -@@ -210,13 +210,22 @@ - '<code>"literal":http://www.zope.org/.</code>') - - -- def XXXtestUnicodeContent(self): -- # This fails because ST uses the default locale to get "letters" -- # whereas it should use \w+ and re.U if the string is Unicode. 
-- #self._test(u"h\xe9 **y\xe9** xx", -- # u"h\xe9 <strong>y\xe9</strong> xx") -- pass -+ def testUnicodeContent(self): -+ self._test(u"h\xe9 **y\xe9** xx", -+ u"h\xe9 <strong>y\xe9</strong> xx") -+ self._test(u"h\xe9 *y\xe9* xx", -+ u"h\xe9 <em>y\xe9</em> xx") -+ self._test(u"h\xe9 _y\xe9_ xx", -+ u"h\xe9 <u>y\xe9</u> xx") -+ self._test(u"h\xe9 'y\xe9' xx", -+ u"h\xe9 <code>y\xe9</code> xx") -+ self._test(u"h\xe9 \"y\xe9\":http://zope.org xx", -+ u"h\xe9 <a href=\"http://zope.org\">y\xe9</a> xx") - -+ def testDoNotHang(self): -+ raw_str = 'UAB "Vita Baltic International" produkcijos asortiment\u0105 papild\u0117 dar trys specifines nedegumo savybes turin\u010dios porolono ru\u0161ys. \nSpalio m\u0117nes\u012f buvo gauti tarptautiniai sertifikatai, liudijantys, kad porolonai CV 3037, CV 3538 ir CV 2533 atitinka degumo standart\u0173 BS 5852:Part 2: 1982 reikalavimus. Tai labai gera \u017einia bald\u0173 gamintojams, gaminantiems baldus ir \u010diu\u017einius,\nkuri\u0173 gaminiams keliami ypatingi importuotoj\u0173 reikalavimai.' -+ res_txt = raw_str -+ self._test(raw_str, res_txt) - - def test_suite(): - suite = unittest.TestSuite() diff --git a/net-zope/zope/zope-2.9.3.ebuild b/net-zope/zope/zope-2.9.3.ebuild deleted file mode 100644 index 7d39bee5c0d6..000000000000 --- a/net-zope/zope/zope-2.9.3.ebuild +++ /dev/null 
@@ -1,74 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/zope-2.9.3.ebuild,v 1.2 2008/05/27 20:59:50 tupone Exp $ - -inherit eutils multilib - -DESCRIPTION="Zope is a web application platform used for building high-performance, dynamic web sites" -HOMEPAGE="http://www.zope.org" -SRC_URI="http://www.zope.org/Products/Zope/${PV}/Zope-${PV}.tgz" - -LICENSE="ZPL" -SLOT="${PV}" -KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86" -IUSE="" - -RDEPEND="=dev-lang/python-2.4*" - -DEPEND="${RDEPEND} -virtual/libc ->=sys-apps/sed-4.0.5" - -S="${WORKDIR}/Zope-${PV}" -ZUID=zope -ZGID=zope -ZS_DIR=${ROOT%/}/usr/$(get_libdir) -ZSERVDIR=${ZS_DIR}/${P} - -# Narrow the scope of ownership/permissions. -# Security plan: -# * ZUID is the superuser for all zope instances. -# * ZGID is for a single instance's administration. -# * Other' should not have any access to ${ZSERVDIR}, -# because they can work through the Zope web interface. -# This should protect our code/data better. -# -# UPDATE: ${ZSERVDIR} is a lib directory and should be world readable -# like e.g /usr/lib/python we do not store any user data there, -# currently removed all custom permission stuff, for ${ZSERVDIR} - -src_compile() { - ./configure --prefix=. --force --with-python=/usr/bin/python2.4 || die "Failed to execute ./configure ..." - emake || die "Failed to compile." 
-} - -src_install() { - dodoc README.txt - dodoc Zope/doc/*.txt - docinto PLATFORMS ; dodoc Zope/doc/PLATFORMS/* - docinto ZEO ; dodoc Zope/doc/ZEO/* - - make install prefix="${D}"${ZSERVDIR} - rm -rf "${D}"${ZSERVDIR}/doc - dosym ../../share/doc/${PF} ${ZSERVDIR}/doc - - # copy the init script skeleton to skel directory of our installation - cp "${FILESDIR}"/zope.initd "${D}"/${ZSERVDIR}/skel/zope.initd -} - -pkg_postinst() { - # create the zope user and group for backward compatibility - enewgroup ${ZGID} 261 - usermod -g ${ZGID} ${ZUID} 2>&1 >/dev/null || \ - enewuser ${ZUID} 261 -1 /var/$(get_libdir)/zope ${ZGID} - - einfo "Be warned that you need at least one zope instance to run zope." - einfo "Please emerge zope-config for futher instance management." -} - -pkg_prerm() { - - #need to remove this symlink because portage keeps links to - #existing targets - rm ${ZSERVDIR}/bin/python -} |