Update to 0.9.3.

Security fixes are included:
* security fix: disallow bad "content-type" input [CAN-2004-1062]
* security fix: disallow bad "sortby" and "cvsroot" input [CAN-2002-0771]
* security fix: omit forbidden/hidden modules from tarballs [CAN-2004-0915]

PR:		83753
Submitted by:	Vsevolod Stakhov <vsevolod@highsecure.ru>

6 files changed, 8 insertions, 84 deletions

diff --git a/devel/viewcvs/Makefile b/devel/viewcvs/Makefile
index c3d584ad2056..050395520e4f 100644
--- a/devel/viewcvs/Makefile
+++ b/devel/viewcvs/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	viewcvs
-PORTVERSION=	0.9.2
-PORTREVISION=	3
+PORTVERSION=	0.9.3
 CATEGORIES=	devel python
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -22,7 +21,7 @@ INSTDIR?=	${PORTNAME}-${PORTVERSION}
 PLIST_SUB=	INSTDIR=${INSTDIR}
 
 do-install:
-	@ cd ${WRKSRC} && INSTDIR=${PREFIX}/${INSTDIR} ${PYTHON_CMD} viewcvs-install
+	@(cd ${WRKSRC} && INSTDIR=${PREFIX}/${INSTDIR} ${PYTHON_CMD} viewcvs-install)
 
 post-install:
 	@ ${SED} -e "s:%%INSTDIR%%:${PREFIX}/${INSTDIR}:g" ${MASTERDIR}/pkg-message >${PKGMESSAGE}
diff --git a/devel/viewcvs/distinfo b/devel/viewcvs/distinfo
index eaf830f6c309..59a623d90283 100644
--- a/devel/viewcvs/distinfo
+++ b/devel/viewcvs/distinfo
@@ -1,2 +1,2 @@
-MD5 (viewcvs-0.9.2.tar.gz) = c7857b1ed05240ad1f691ea40044daf2
-SIZE (viewcvs-0.9.2.tar.gz) = 140063
+MD5 (viewcvs-0.9.3.tar.gz) = 8be527279feaaa6ecf184bcf714e2f22
+SIZE (viewcvs-0.9.3.tar.gz) = 140215
diff --git a/devel/viewcvs/files/patch-CAN-2004-0915 b/devel/viewcvs/files/patch-CAN-2004-0915
deleted file mode 100644
index 6e150bc53438..000000000000
--- a/devel/viewcvs/files/patch-CAN-2004-0915
+++ /dev/null
@@ -1,37 +0,0 @@
---- lib/viewcvs.py.orig	2004-10-20 15:03:41.000000000 +0200
-+++ lib/viewcvs.py	2004-10-20 16:37:35.000000000 +0200
-@@ -2455,10 +2455,17 @@ def generate_tarball_header(out, name, s
- def generate_tarball(out, relative, directory, tag, stack=[]):
-   subdirs = [ ]
-   rcs_files = [ ]
-+  if relative == 'CVSROOT' and cfg.options.hide_cvsroot:
-+    return
-+
-   for file, pathname, isdir in get_file_data(directory):
-     if pathname == _UNREADABLE_MARKER:
-       continue
-     if isdir:
-+      if file == 'CVSROOT' and relative.find('/') == -1 and cfg.options.hide_cvsroot:
-+        continue
-+      if relative.find('/') == -1 and cfg.is_forbidden(file):
-+        continue
-       subdirs.append(file)
-     else:
-       rcs_files.append(file)
-@@ -2583,6 +2590,16 @@ def main():
-            '</body></html>\n')
-     return
- 
-+  if where == 'CVSROOT' and cfg.options.hide_cvsroot:
-+    print "Status: 400"
-+    http_header()
-+    print ('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
-+           '<html><head>\n<title>400 Bad Request</title>\n'
-+           '</head><body>\n'
-+           '<H1>Bad Request</H1>\n Listing of CVSROOT is disallowed.<p>\n'
-+           '</body></html>\n')
-+    return
-+
-   ### look for GZIP binary
- 
-   # if we have a directory and the request didn't end in "/", then redirect
diff --git a/devel/viewvc/Makefile b/devel/viewvc/Makefile
index c3d584ad2056..050395520e4f 100644
--- a/devel/viewvc/Makefile
+++ b/devel/viewvc/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	viewcvs
-PORTVERSION=	0.9.2
-PORTREVISION=	3
+PORTVERSION=	0.9.3
 CATEGORIES=	devel python
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -22,7 +21,7 @@ INSTDIR?=	${PORTNAME}-${PORTVERSION}
 PLIST_SUB=	INSTDIR=${INSTDIR}
 
 do-install:
-	@ cd ${WRKSRC} && INSTDIR=${PREFIX}/${INSTDIR} ${PYTHON_CMD} viewcvs-install
+	@(cd ${WRKSRC} && INSTDIR=${PREFIX}/${INSTDIR} ${PYTHON_CMD} viewcvs-install)
 
 post-install:
 	@ ${SED} -e "s:%%INSTDIR%%:${PREFIX}/${INSTDIR}:g" ${MASTERDIR}/pkg-message >${PKGMESSAGE}
diff --git a/devel/viewvc/distinfo b/devel/viewvc/distinfo
index eaf830f6c309..59a623d90283 100644
--- a/devel/viewvc/distinfo
+++ b/devel/viewvc/distinfo
@@ -1,2 +1,2 @@
-MD5 (viewcvs-0.9.2.tar.gz) = c7857b1ed05240ad1f691ea40044daf2
-SIZE (viewcvs-0.9.2.tar.gz) = 140063
+MD5 (viewcvs-0.9.3.tar.gz) = 8be527279feaaa6ecf184bcf714e2f22
+SIZE (viewcvs-0.9.3.tar.gz) = 140215
diff --git a/devel/viewvc/files/patch-CAN-2004-0915 b/devel/viewvc/files/patch-CAN-2004-0915
deleted file mode 100644
index 6e150bc53438..000000000000
--- a/devel/viewvc/files/patch-CAN-2004-0915
+++ /dev/null
@@ -1,37 +0,0 @@
---- lib/viewcvs.py.orig	2004-10-20 15:03:41.000000000 +0200
-+++ lib/viewcvs.py	2004-10-20 16:37:35.000000000 +0200
-@@ -2455,10 +2455,17 @@ def generate_tarball_header(out, name, s
- def generate_tarball(out, relative, directory, tag, stack=[]):
-   subdirs = [ ]
-   rcs_files = [ ]
-+  if relative == 'CVSROOT' and cfg.options.hide_cvsroot:
-+    return
-+
-   for file, pathname, isdir in get_file_data(directory):
-     if pathname == _UNREADABLE_MARKER:
-       continue
-     if isdir:
-+      if file == 'CVSROOT' and relative.find('/') == -1 and cfg.options.hide_cvsroot:
-+        continue
-+      if relative.find('/') == -1 and cfg.is_forbidden(file):
-+        continue
-       subdirs.append(file)
-     else:
-       rcs_files.append(file)
-@@ -2583,6 +2590,16 @@ def main():
-            '</body></html>\n')
-     return
- 
-+  if where == 'CVSROOT' and cfg.options.hide_cvsroot:
-+    print "Status: 400"
-+    http_header()
-+    print ('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
-+           '<html><head>\n<title>400 Bad Request</title>\n'
-+           '</head><body>\n'
-+           '<H1>Bad Request</H1>\n Listing of CVSROOT is disallowed.<p>\n'
-+           '</body></html>\n')
-+    return
-+
-   ### look for GZIP binary
- 
-   # if we have a directory and the request didn't end in "/", then redirect