From be5a1dcb666cecc7961fc9d42a1cffbb86f0713b Mon Sep 17 00:00:00 2001
From: Neil Blakey-Milner <nbm@FreeBSD.org>
Date: Sat, 23 Mar 2002 10:04:29 +0000
Subject: Implement the HotFix described at
 http://www.zope.org/Products/Zope/Hotfix_2002-03-01/README.txt which says:

``The issue involves the checking of security for objects with proxy
  roles. The context of the owner user that created the object with
  proxy roles was not being taken into account when determining access
  to the object with proxy roles. This flaw could allow users defined
  in subfolders of a site with sufficient privileges to access objects
  at higher levels in the site that they would not normally be able to
  access.''

PR:		36103
Submitted by:	HAYASHI Yasushi <yasi@yasi.to>
---
 www/zope29/Makefile  | 9 ++++++---
 www/zope29/distinfo  | 1 +
 www/zope29/pkg-plist | 4 ++++
 3 files changed, 11 insertions(+), 3 deletions(-)

(limited to 'www/zope29')

diff --git a/www/zope29/Makefile b/www/zope29/Makefile
index 628f4def60a9..3534415e4fd5 100644
--- a/www/zope29/Makefile
+++ b/www/zope29/Makefile
@@ -7,11 +7,13 @@
 
 PORTNAME=	zope
 PORTVERSION=	2.5.0
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	www python zope
-MASTER_SITES=	http://www.zope.org/Products/Zope/${PORTVERSION}/
+MASTER_SITES=	http://www.zope.org/Products/Zope/${PORTVERSION}/ \
+		http://www.zope.org/Products/Zope/Hotfix_2002-03-01/
 DISTNAME=	Zope-${PORTVERSION}-src
-EXTRACT_SUFX=	.tgz
+DISTFILES=	${DISTNAME}.tgz \
+		Hotfix_2002-03-01.tgz
 
 PATCHFILES=	Zope-2.5.0-unix-security.patch
 PATCH_DIST_STRIP=	-p1
@@ -27,6 +29,7 @@ PYTHON_VERSION=	python2.1
 DIST_SUBDIR=	zope
 
 post-patch:
+	@${CP} -Rp ${WRKDIR}/lib ${WRKSRC}
 	@${FIND} ${WRKSRC} -name \*.orig -exec ${RM} {} \;
 
 # Build has to be done in the final location after installing the sources
diff --git a/www/zope29/distinfo b/www/zope29/distinfo
index ccc2d7347473..8fe20e1dea7b 100644
--- a/www/zope29/distinfo
+++ b/www/zope29/distinfo
@@ -1,2 +1,3 @@
 MD5 (zope/Zope-2.5.0-src.tgz) = 105bb1f9d90478596cc929164ef385e3
+MD5 (zope/Hotfix_2002-03-01.tgz) = 4bb8d96a7dd5a93a3fe2e0b9f37632e7
 MD5 (zope/Zope-2.5.0-unix-security.patch) = 87f3dceb08aa3bcede5bf521c9cdd328
diff --git a/www/zope29/pkg-plist b/www/zope29/pkg-plist
index 79b208db05a8..a197c16a7173 100644
--- a/www/zope29/pkg-plist
+++ b/www/zope29/pkg-plist
@@ -833,6 +833,9 @@ etc/rc.d/zope.sh
 %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/help/ExternalMethod.pyc
 %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/version.txt
 %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www/function.gif
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_2002-03-01/README.txt
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_2002-03-01/__init__.py
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_2002-03-01/__init__.pyc
 %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.py
 %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.pyc
 %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/README.txt
@@ -2444,6 +2447,7 @@ etc/rc.d/zope.sh
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost/dtml
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MIMETools
+@dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_2002-03-01
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/help
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/dtml
-- 
cgit v1.2.3