From 639d5828b178f88ade5f6862b2fcd27c7f9d31dd Mon Sep 17 00:00:00 2001
From: nbm <nbm@FreeBSD.org>
Date: Sat, 23 Mar 2002 10:04:29 +0000
Subject: Implement the HotFix described at
 http://www.zope.org/Products/Zope/Hotfix_2002-03-01/README.txt which says:

``The issue involves the checking of security for objects with proxy
  roles. The context of the owner user that created the object with
  proxy roles was not being taken into account when determining access
  to the object with proxy roles. This flaw could allow users defined
  in subfolders of a site with sufficient privileges to access objects
  at higher levels in the site that they would not normally be able to
  access.''

PR:		36103
Submitted by:	HAYASHI Yasushi <yasi@yasi.to>
---
 www/zope29/Makefile  | 9 ++++++---
 www/zope29/distinfo  | 1 +
 www/zope29/pkg-plist | 4 ++++
 3 files changed, 11 insertions(+), 3 deletions(-)

(limited to 'www/zope29')

diff --git a/www/zope29/Makefile b/www/zope29/Makefile
index 628f4def60a..3534415e4fd 100644
--- a/www/zope29/Makefile
+++ b/www/zope29/Makefile
@@ -7,11 +7,13 @@
 
 PORTNAME=	zope
 PORTVERSION=	2.5.0
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	www python zope
-MASTER_SITES=	http://www.zope.org/Products/Zope/${PORTVERSION}/
+MASTER_SITES=	http://www.zope.org/Products/Zope/${PORTVERSION}/ \
+		http://www.zope.org/Products/Zope/Hotfix_2002-03-01/
 DISTNAME=	Zope-${PORTVERSION}-src
-EXTRACT_SUFX=	.tgz
+DISTFILES=	${DISTNAME}.tgz \
+		Hotfix_2002-03-01.tgz
 
 PATCHFILES=	Zope-2.5.0-unix-security.patch
 PATCH_DIST_STRIP=	-p1
@@ -27,6 +29,7 @@ PYTHON_VERSION=	python2.1
 DIST_SUBDIR=	zope
 
 post-patch:
+	@${CP} -Rp ${WRKDIR}/lib ${WRKSRC}
 	@${FIND} ${WRKSRC} -name \*.orig -exec ${RM} {} \;
 
 # Build has to be done in the final location after installing the sources
diff --git a/www/zope29/distinfo b/www/zope29/distinfo
index ccc2d734747..8fe20e1dea7 100644
--- a/www/zope29/distinfo
+++ b/www/zope29/distinfo
@@ -1,2 +1,3 @@
 MD5 (zope/Zope-2.5.0-src.tgz) = 105bb1f9d90478596cc929164ef385e3
+MD5 (zope/Hotfix_2002-03-01.tgz) = 4bb8d96a7dd5a93a3fe2e0b9f37632e7
 MD5 (zope/Zope-2.5.0-unix-security.patch) = 87f3dceb08aa3bcede5bf521c9cdd328
diff --git a/www/zope29/pkg-plist b/www/zope29/pkg-plist
index 79b208db05a..a197c16a717 100644
--- a/www/zope29/pkg-plist
+++ b/www/zope29/pkg-plist
@@ -833,6 +833,9 @@ etc/rc.d/zope.sh
 %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/help/ExternalMethod.pyc
 %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/version.txt
 %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www/function.gif
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_2002-03-01/README.txt
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_2002-03-01/__init__.py
+%%ZOPEBASEDIR%%/lib/python/Products/Hotfix_2002-03-01/__init__.pyc
 %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.py
 %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/MIMETag.pyc
 %%ZOPEBASEDIR%%/lib/python/Products/MIMETools/README.txt
@@ -2444,6 +2447,7 @@ etc/rc.d/zope.sh
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost/dtml
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MailHost
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/MIMETools
+@dirrm %%ZOPEBASEDIR%%/lib/python/Products/Hotfix_2002-03-01
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/www
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/help
 @dirrm %%ZOPEBASEDIR%%/lib/python/Products/ExternalMethod/dtml
-- 
cgit