Fixing vulnerability on version 2.9 and 2.10 as per bug #31337

Package-Manager: portage-2.1.7.17/cvs/Linux x86_64

4 files changed, 164 insertions, 2 deletions

diff --git a/net-zope/zope/ChangeLog b/net-zope/zope/ChangeLog
index 18c7d8e2839c..75b3f155a2e0 100644
--- a/net-zope/zope/ChangeLog
+++ b/net-zope/zope/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-zope/zope
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/ChangeLog,v 1.166 2010/02/14 19:17:00 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/ChangeLog,v 1.167 2010/04/07 12:47:59 tupone Exp $
+
+*zope-2.10.11 (07 Apr 2010)
+*zope-2.9.12 (07 Apr 2010)
+
+  07 Apr 2010; Alfredo Tupone <tupone@gentoo.org> +zope-2.9.12.ebuild,
+  +zope-2.10.11.ebuild:
+  Fixing vulnerability on version 2.9 and 2.10 as per bug #31337 by
+  craig@gentoo.org
 
   14 Feb 2010; Raúl Porcel <armin76@gentoo.org> zope-2.12.3.ebuild:
   Add ~alpha/~sparc wrt #297734
diff --git a/net-zope/zope/Manifest b/net-zope/zope/Manifest
index a990e9fe01ae..23fc7a2b171d 100644
--- a/net-zope/zope/Manifest
+++ b/net-zope/zope/Manifest
@@ -1,13 +1,16 @@
 AUX CVE-2009-0668+0669.patch 4297 RMD160 6b207296cf9d8785fd8e41c7bbed1695c4712e4b SHA1 1a9535b295353fb70464095818b68beba88cc288 SHA256 c8cd316c2ce4821c127c78b72e73e9b3f0211d0959105c780a1a16903d0b4c08
 AUX zope-2.12.2-fix_syntax_error.patch 614 RMD160 6be759d460561658d41c2011d1b0bed7ffd41709 SHA1 993780367e8389b6b48bd3f1d9d1dbd08f192531 SHA256 ca0763b7c8db4686e37bb240cd87c137899457ef42cd2240ac4f155762c2e50b
 AUX zope.initd 1317 RMD160 39fa98ed8cbc703cd77238d345328430e39bddd4 SHA1 6215743f7d108fa3e668cf24d748ad19d68faeab SHA256 1a3a03ef186fbdfd566023cf3fbb311f03214c51021b3af628b3233704838506
+DIST Zope-2.10.11-final.tgz 7299111 RMD160 cc8cb37f1645617465ee5a2ed3da9129b0cd0084 SHA1 e1cf0427dd3144786af5700a67fce389f8c89e32 SHA256 cb81c6ed04af8e4e9f9e8814de53aba565757ca25f08b1fa4b25045305de06b7
 DIST Zope-2.10.7-final.tgz 7269082 RMD160 5a9123ab70d9fac6101bdfcdc2141dd10b4d7c41 SHA1 94bb8c2ff13345fc16052c4f6b3ef585f3f90f9e SHA256 bedcd85d859839f2390ebe80c4b2cd4442d31210f317d056d9998cc4f6df87cd
 DIST Zope-2.10.9-final.tgz 7189195 RMD160 6c4605546ac48f493d85fadd01fea523140a9e31 SHA1 b479ae514e578ade826ab5237786677647b8b65e SHA256 32c172e11b56af85dc6192e6ae5d02218e39e6399017dbb035f94e7c213b43f1
 DIST Zope-2.9.10-final.tgz 7060210 RMD160 56bf67c05c2ef588844a2fb2140ac244565e3bc7 SHA1 c05a460e206f9efb95fbe6ac2be78f68851f1f05 SHA256 65bf27d257eec79efa8c7be5cf26e266e67ad05325347d0da39c9bcc1b961c28
+DIST Zope-2.9.12-final.tgz 7088973 RMD160 c5095d988a745b9929a28a816b78a147f858b262 SHA1 673555c832c52d52ca29e1f9f10425ce13630897 SHA256 38aadbbaad940727a39080ef1f6de1d6a47dd77e4525e37b8abcc920e03b7802
 DIST Zope-3.2.2.tgz 6544087 RMD160 1e7e08e1178f449bf120d7fc2caa6259fde1a0cf SHA1 9bd3c099fc77f981a8b803770aca168eb813e260 SHA256 c6f6d49d8b910bc35a32b848c6296b7ad61cb64f83974b52dd3623169f141ba4
 DIST Zope-3.3.1.tgz 6594248 RMD160 11bf3b8c899518a5965f21a4a372912a4bc1438d SHA1 4576ac21c3415563d3b0b747e40963a762b63fce SHA256 6189999de3190e4b0d5110490567d9f7ef92379ea555f738fc741d49d0807be3
 DIST Zope2-2.12.2.tar.gz 1954193 RMD160 1e18e9650f11ba1c1e3facd18ae9bbbee6cdf50c SHA1 4b86ff82dac5e932e17f3f3dd9ce69f6d1951177 SHA256 2a9e15c721561f42ff66b587eaee7c6c93a74b65430e57f75a6661ab9a27dd6a
 DIST Zope2-2.12.3.tar.gz 1967467 RMD160 15715780ec17ccd5eff9bc803fc82e4f138f7b91 SHA1 e60a83c3b38823ebe5b7b170afcbdb15cfb877de SHA256 7d2f609042305a03356bc16a6bda1569e49b7e2ae32cec939383c25c9a590495
+EBUILD zope-2.10.11.ebuild 2338 RMD160 947d018a7d189c269f5a71bfbd35c99c097015b3 SHA1 8d9b7f35f5e56e04192f54be5498f9769eba7f8f SHA256 9511a3045495e4c596a463f66e8bd40123e1fb485054bfe7394446aca3399983
 EBUILD zope-2.10.7-r1.ebuild 2419 RMD160 a8eacc97fc3ec0d837e130c19b6160c51087054f SHA1 6cb14047b90e25b36582dc1b77296fd7033a1421 SHA256 b9fc3ccc0f925043e4999bc40d077ac3f927987fb72a4e2db3c1d2e9dac78f69
 EBUILD zope-2.10.7.ebuild 2378 RMD160 b5aec5e9ff6fc8081dff21d3ab5049929922712d SHA1 8a7d41e475abb6efd60b1212e8520f862d804f8b SHA256 641c43f253d26a75a926283f5a5c8dadc65797cf605984b5d1b185c1161e8845
 EBUILD zope-2.10.9.ebuild 2337 RMD160 7c7c5d215a96ecad33a10810e0d9c8e1d9dd9400 SHA1 b371ad3c5bfac6492b9c2c8483e3a00d60da3d3d SHA256 1dcd78b0751013e7b50fa9364ff2cf362a11046a7b824681c10395444cfc4889
@@ -15,7 +18,8 @@ EBUILD zope-2.12.2.ebuild 4052 RMD160 73df1c293f021f600c6aca1d78df3397d53f34a3 S
 EBUILD zope-2.12.3.ebuild 4030 RMD160 eedb54519c59911c651c20a3084bac45bd8a5e60 SHA1 307302b35a354e5b7c0be8ae3ce8ba289a3ac90c SHA256 32dbe2e48270dbedcfd4d2bb1ff134a9dd0eeea2ac65d6a1f73634124bbced7c
 EBUILD zope-2.9.10-r1.ebuild 2439 RMD160 4d893fe82971f3d3a6b5bf47873c272ec732329b SHA1 930744cecdff3eed82705332bb505b9d5abbf486 SHA256 057741f43d33bd395e4bf69a1706931c5dcae18cd4f5e7e94d849a85dcde6345
 EBUILD zope-2.9.10.ebuild 2397 RMD160 e33501ae1658b572c23e9383492215c2af0cc5b1 SHA1 fabcdb45cce3c0ae12e3f77e12a2122f409f13ec SHA256 c2ccd01a1e47987ef0a82c2803decdb85bc189e955b2c6c6c62186c897164a04
+EBUILD zope-2.9.12.ebuild 2360 RMD160 5a9bf3b160e550ccb8763ed482d13c31e5c8adce SHA1 58acba7e763d23f8928fd58238c9f8291348d1b8 SHA256 3ecfc41788202490fe8f3c1c089cac6cef2f2f510e6f59d711c9807ed8cef7a5
 EBUILD zope-3.2.2.ebuild 3624 RMD160 e74adaedc41a265b71fd583d87b6f33b34448c0a SHA1 5632e19dc545b80c4ebe734119d81c39fe2b101e SHA256 82e0e16be113e8e2c7f4ca11ef1fa3dc24b96ca4a65161909c4c58999779d57d
 EBUILD zope-3.3.1.ebuild 3429 RMD160 4951ab3da1c9adc918f0a093a4bfac6deceba2b5 SHA1 5aefef7e3cf1cfc22674510ec6c78b4d8bcc6448 SHA256 7cc2aa03f0e77a65a6fc93aa01755a7eb41de30384366fd963172389606cc139
-MISC ChangeLog 25596 RMD160 be9cd0d4caaf5ad77a0f9b1ba71edea9f3ba3466 SHA1 49e078f2a1607d3549a364074fe245b86969f8b6 SHA256 cd9c31ae17ce8c3dcfcd99e5461f4a1d77e6d83239a0038ebe7f10fd1604d942
+MISC ChangeLog 25834 RMD160 f0c1b500a3362c2fdaac8427282b2d3aa6336b0c SHA1 d0f72df5e1aaad473a4a2be9c3d60978522a0062 SHA256 9f4f39f952194ded53e56a079546ac29ef83fbd21ff16292c566907e1e335fbb
 MISC metadata.xml 161 RMD160 5e136d45f811478292bd2ee1798a9b0229ffe468 SHA1 9755179a2dee0511818b1f6738ded28e335e1b9a SHA256 e69ac7205cbc2e42a297e20d8f08922003390a345bbf50ccf00d1158a1c97cc5
diff --git a/net-zope/zope/zope-2.10.11.ebuild b/net-zope/zope/zope-2.10.11.ebuild
new file mode 100644
index 000000000000..36b0f7b57db8
--- /dev/null
+++ b/net-zope/zope/zope-2.10.11.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/zope-2.10.11.ebuild,v 1.1 2010/04/07 12:47:59 tupone Exp $
+EAPI=2
+
+inherit eutils multilib
+
+DESCRIPTION="Zope is a web application platform used for building high-performance, dynamic web sites"
+HOMEPAGE="http://www.zope.org"
+SRC_URI="http://www.zope.org/Products/Zope/${PV}/Zope-${PV}-final.tgz"
+
+LICENSE="ZPL"
+SLOT="${PV}"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+IUSE=""
+RESTRICT="test"
+
+RDEPEND="=dev-lang/python-2.4*"
+DEPEND="${RDEPEND}"
+
+S="${WORKDIR}/Zope-${PV}-final"
+ZUID=zope
+ZGID=zope
+ZS_DIR=${ROOT%/}/usr/$(get_libdir)
+ZSERVDIR=${ZS_DIR}/${P}
+
+# Narrow the scope of ownership/permissions.
+# Security plan:
+# * ZUID is the superuser for all zope instances.
+# * ZGID is for a single instance's administration.
+# * Other' should not have any access to ${ZSERVDIR},
+#   because they can work through the Zope web interface.
+#   This should protect our code/data better.
+#
+# UPDATE: ${ZSERVDIR} is a lib directory and should be world readable
+# like e.g /usr/lib/python we do not store any user data there,
+# currently removed all custom permission stuff, for ${ZSERVDIR}
+src_configure() {
+	./configure  --prefix="${D}${ZSERVDIR}" --with-python=/usr/bin/python2.4 || die "Failed to execute ./configure ..."
+}
+
+src_install() {
+	dodoc README.txt
+	dodoc doc/*.txt
+	docinto PLATFORMS ; dodoc doc/PLATFORMS/*
+	docinto ZEO ; dodoc doc/ZEO/*
+
+	make install prefix="${D}${ZSERVDIR}" || die "Failed to install into ${D}${ZSERVDIR}"
+	rm -rf "${D}${ZSERVDIR}"/doc
+	dosym ../../share/doc/${PF} ${ZSERVDIR}/doc
+
+	# copy the init script skeleton to skel directory of our installation
+	insinto "${ZSERVDIR}"/skel
+	doins "${FILESDIR}"/zope.initd
+}
+
+pkg_postinst() {
+	# create the zope user and group for backward compatibility
+	enewgroup ${ZGID} 261
+	usermod -g ${ZGID} ${ZUID} 2>&1 >/dev/null || \
+	enewuser ${ZUID} 261 -1 /var/$(get_libdir)/zope  ${ZGID}
+
+	einfo "Be warned that you need at least one zope instance to run zope."
+	einfo "Please emerge zope-config for further instance management."
+}
+
+pkg_prerm() {
+	#Remove old compiled code
+	rm ${ZSERVDIR}/bin/copyzopeskel.pyc
+
+	#need to remove this symlink because portage keeps links to
+	#existing targets
+	rm ${ZSERVDIR}/bin/python
+}
diff --git a/net-zope/zope/zope-2.9.12.ebuild b/net-zope/zope/zope-2.9.12.ebuild
new file mode 100644
index 000000000000..e17003ddce6b
--- /dev/null
+++ b/net-zope/zope/zope-2.9.12.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-zope/zope/zope-2.9.12.ebuild,v 1.1 2010/04/07 12:47:59 tupone Exp $
+EAPI=2
+
+inherit eutils multilib
+
+DESCRIPTION="Zope is a web application platform used for building high-performance, dynamic web sites"
+HOMEPAGE="http://www.zope.org"
+SRC_URI="http://www.zope.org/Products/Zope/${PV}/Zope-${PV}-final.tgz"
+
+LICENSE="ZPL"
+SLOT="${PV}"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+IUSE=""
+
+DEPEND="=dev-lang/python-2.4*"
+
+S="${WORKDIR}/Zope-${PV}-final"
+ZUID=zope
+ZGID=zope
+ZS_DIR=${ROOT%/}/usr/$(get_libdir)
+ZSERVDIR=${ZS_DIR}/${P}
+
+# Narrow the scope of ownership/permissions.
+# Security plan:
+# * ZUID is the superuser for all zope instances.
+# * ZGID is for a single instance's administration.
+# * Other' should not have any access to ${ZSERVDIR},
+#   because they can work through the Zope web interface.
+#   This should protect our code/data better.
+#
+# UPDATE: ${ZSERVDIR} is a lib directory and should be world readable
+# like e.g /usr/lib/python we do not store any user data there,
+# currently removed all custom permission stuff, for ${ZSERVDIR}
+
+src_configure() {
+	./configure  --prefix="${D}${ZSERVDIR}" --with-python=/usr/bin/python2.4 || die "Failed to execute ./configure ..."
+}
+
+src_install() {
+	dodoc README.txt
+	dodoc doc/*.txt
+	docinto PLATFORMS ; dodoc doc/PLATFORMS/*
+	docinto ZEO ; dodoc doc/ZEO/*
+
+	make install prefix="${D}"${ZSERVDIR} || die "Failed to install into ${D}${ZSERVDIR}"
+	rm -rf "${D}"${ZSERVDIR}/doc
+	dosym ../../share/doc/${PF} ${ZSERVDIR}/doc
+
+	# copy the init script skeleton to skel directory of our installation
+	cp "${FILESDIR}"/zope.initd "${D}"/${ZSERVDIR}/skel/zope.initd
+}
+
+src_test() {
+	einfo "Tests disabled by Gentoo team."
+}
+
+pkg_postinst() {
+	# create the zope user and group for backward compatibility
+	enewgroup ${ZGID} 261
+	usermod -g ${ZGID} ${ZUID} 2>&1 >/dev/null || \
+	enewuser ${ZUID} 261 -1 /var/$(get_libdir)/zope  ${ZGID}
+
+	einfo "Be warned that you need at least one zope instance to run zope."
+	einfo "Please emerge zope-config for futher instance management."
+}
+
+pkg_prerm() {
+	#Remove old compiled code
+	rm ${ZSERVDIR}/bin/copyzopeskel.pyc
+
+	#need to remove this symlink because portage keeps links to
+	#existing targets
+	rm ${ZSERVDIR}/bin/python
+}