Wed Apr 29 14:11:09 2015 UTC ()
Fix CVE-2015-1397, CVE-2015-1398 & CVE-2015-1399 via upstream patches.
Implement way to apply upstream patches using PATCHFILES.
Bump PKGREVISION.


(fhajny)
diff -r1.1 -r1.2 pkgsrc/finance/magento/Makefile
diff -r1.1 -r1.2 pkgsrc/finance/magento/PLIST
diff -r1.1 -r1.2 pkgsrc/finance/magento/distinfo
cvs diff -r1.1 -r1.2 pkgsrc/finance/magento/Makefile (expand / switch to unified diff)

--- pkgsrc/finance/magento/Makefile 2014/12/12 12:52:47 1.1
+++ pkgsrc/finance/magento/Makefile 2015/04/29 14:11:09 1.2
@@ -1,82 +1,98 @@ @@ -1,82 +1,98 @@
1# $NetBSD: Makefile,v 1.1 2014/12/12 12:52:47 fhajny Exp $ 1# $NetBSD: Makefile,v 1.2 2015/04/29 14:11:09 fhajny Exp $
2 2
3DISTNAME= magento-1.9.1.0 3DISTNAME= magento-1.9.1.0
 4PKGREVISION= 1
4CATEGORIES= www finance 5CATEGORIES= www finance
5MASTER_SITES= http://www.magentocommerce.com/downloads/assets/${PKGVERSION_NOREV}/ 6MASTER_SITES= http://www.magentocommerce.com/downloads/assets/${PKGVERSION_NOREV}/
6 7
7MAINTAINER= filip@joyent.com 8MAINTAINER= filip@joyent.com
8HOMEPAGE= http://www.magentocommerce.com/ 9HOMEPAGE= http://www.magentocommerce.com/
9COMMENT= Feature-rich eCommerce platform 10COMMENT= Feature-rich eCommerce platform
10LICENSE= osl 11LICENSE= osl
11 12
 13DIST_SUBDIR= magento
 14PATCH_SITES= http://www.magentocommerce.com/downloads/assets/ce_patches/
 15PATCHFILES= PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh
 16PATCHFILES+= PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh
 17
12DEPENDS+= ${PHP_PKG_PREFIX}-curl-[0-9]*:../../www/php-curl 18DEPENDS+= ${PHP_PKG_PREFIX}-curl-[0-9]*:../../www/php-curl
13DEPENDS+= ${PHP_PKG_PREFIX}-dom-[0-9]*:../../textproc/php-dom 19DEPENDS+= ${PHP_PKG_PREFIX}-dom-[0-9]*:../../textproc/php-dom
14DEPENDS+= ${PHP_PKG_PREFIX}-gd-[0-9]*:../../graphics/php-gd 20DEPENDS+= ${PHP_PKG_PREFIX}-gd-[0-9]*:../../graphics/php-gd
15DEPENDS+= ${PHP_PKG_PREFIX}-iconv-[0-9]*:../../converters/php-iconv 21DEPENDS+= ${PHP_PKG_PREFIX}-iconv-[0-9]*:../../converters/php-iconv
16DEPENDS+= ${PHP_PKG_PREFIX}-json-[0-9]*:../../textproc/php-json 22DEPENDS+= ${PHP_PKG_PREFIX}-json-[0-9]*:../../textproc/php-json
17DEPENDS+= ${PHP_PKG_PREFIX}-mcrypt-[0-9]*:../../security/php-mcrypt 23DEPENDS+= ${PHP_PKG_PREFIX}-mcrypt-[0-9]*:../../security/php-mcrypt
18DEPENDS+= ${PHP_PKG_PREFIX}-mysql-[0-9]*:../../databases/php-mysql 24DEPENDS+= ${PHP_PKG_PREFIX}-mysql-[0-9]*:../../databases/php-mysql
19DEPENDS+= ${PHP_PKG_PREFIX}-pdo_mysql-[0-9]*:../../databases/php-pdo_mysql 25DEPENDS+= ${PHP_PKG_PREFIX}-pdo_mysql-[0-9]*:../../databases/php-pdo_mysql
20DEPENDS+= ${PHP_PKG_PREFIX}-soap-[0-9]*:../../net/php-soap 26DEPENDS+= ${PHP_PKG_PREFIX}-soap-[0-9]*:../../net/php-soap
21DEPENDS+= ${PHP_PKG_PREFIX}-zlib-[0-9]*:../../archivers/php-zlib 27DEPENDS+= ${PHP_PKG_PREFIX}-zlib-[0-9]*:../../archivers/php-zlib
22 28
23WRKSRC= ${WRKDIR}/magento 29WRKSRC= ${WRKDIR}/magento
24 30
25USE_LANGUAGES= # none 31USE_LANGUAGES= # none
26USE_TOOLS+= pax 32USE_TOOLS+= date pax
27NO_BUILD= yes 33NO_BUILD= yes
28 34
29.include "../../lang/php/phpversion.mk" 35.include "../../lang/php/phpversion.mk"
30 36
31.include "../../mk/bsd.prefs.mk" 37.include "../../mk/bsd.prefs.mk"
32 38
33BUILD_DEFS+= VARBASE MAGENTO_DIR MAGENTO_OWN MAGENTO_GRP 39BUILD_DEFS+= VARBASE MAGENTO_DIR MAGENTO_OWN MAGENTO_GRP
34 40
35MAGENTO_DIR?= ${VARBASE}/magento 41MAGENTO_DIR?= ${VARBASE}/magento
36MAGENTO_OWN?= ${APACHE_USER} 42MAGENTO_OWN?= ${APACHE_USER}
37MAGENTO_GRP?= ${APACHE_GROUP} 43MAGENTO_GRP?= ${APACHE_GROUP}
38 44
39PKG_USERS_VARS= MAGENTO_OWN 45PKG_USERS_VARS= MAGENTO_OWN
40PKG_GROUPS_VARS+= MAGENTO_GRP 46PKG_GROUPS_VARS+= MAGENTO_GRP
41PKG_GROUPS= ${MAGENTO_GRP} 47PKG_GROUPS= ${MAGENTO_GRP}
42PKG_USERS= ${MAGENTO_OWN}:${MAGENTO_GRP} 48PKG_USERS= ${MAGENTO_OWN}:${MAGENTO_GRP}
43 49
44MODULEFILES= Cm_RedisSession.xml Mage_All.xml Mage_Api.xml Mage_Api2.xml \ 50MODULEFILES= Cm_RedisSession.xml Mage_All.xml Mage_Api.xml Mage_Api2.xml \
45 Mage_Authorizenet.xml Mage_Bundle.xml Mage_Captcha.xml \ 51 Mage_Authorizenet.xml Mage_Bundle.xml Mage_Captcha.xml \
46 Mage_Centinel.xml Mage_Compiler.xml Mage_Connect.xml \ 52 Mage_Centinel.xml Mage_Compiler.xml Mage_Connect.xml \
47 Mage_CurrencySymbol.xml Mage_Downloadable.xml \ 53 Mage_CurrencySymbol.xml Mage_Downloadable.xml \
48 Mage_ImportExport.xml Mage_Oauth.xml Mage_PageCache.xml \ 54 Mage_ImportExport.xml Mage_Oauth.xml Mage_PageCache.xml \
49 Mage_Persistent.xml Mage_Weee.xml Mage_Widget.xml \ 55 Mage_Persistent.xml Mage_Weee.xml Mage_Widget.xml \
50 Mage_XmlConnect.xml Phoenix_Moneybookers.xml 56 Mage_XmlConnect.xml Phoenix_Moneybookers.xml
51 57
 58CONF_FILES_PERMS+= share/examples/magento/applied.patches.list \
 59 ${PKG_SYSCONFDIR}/applied.patches.list \
 60 ${MAGENTO_OWN} ${MAGENTO_GRP} 0640
52CONF_FILES_PERMS+= share/examples/magento/local.xml.template \ 61CONF_FILES_PERMS+= share/examples/magento/local.xml.template \
53 ${PKG_SYSCONFDIR}/local.xml.template \ 62 ${PKG_SYSCONFDIR}/local.xml.template \
54 ${MAGENTO_OWN} ${MAGENTO_GRP} 0640 63 ${MAGENTO_OWN} ${MAGENTO_GRP} 0640
55CONF_FILES_PERMS+= share/examples/magento/config.xml \ 64CONF_FILES_PERMS+= share/examples/magento/config.xml \
56 ${PKG_SYSCONFDIR}/config.xml \ 65 ${PKG_SYSCONFDIR}/config.xml \
57 ${MAGENTO_OWN} ${MAGENTO_GRP} 0640 66 ${MAGENTO_OWN} ${MAGENTO_GRP} 0640
58.for file in ${MODULEFILES} 67.for file in ${MODULEFILES}
59CONF_FILES_PERMS+= share/examples/magento/modules/${file} \ 68CONF_FILES_PERMS+= share/examples/magento/modules/${file} \
60 ${PKG_SYSCONFDIR}/modules/${file} \ 69 ${PKG_SYSCONFDIR}/modules/${file} \
61 ${MAGENTO_OWN} ${MAGENTO_GRP} 0640 70 ${MAGENTO_OWN} ${MAGENTO_GRP} 0640
62.endfor 71.endfor
63 72
64FILES_SUBST+= MAGENTO_OWN=${MAGENTO_OWN} MAGENTO_GRP=${MAGENTO_GRP} 73FILES_SUBST+= MAGENTO_OWN=${MAGENTO_OWN} MAGENTO_GRP=${MAGENTO_GRP}
65INSTALLATION_DIRS+= share/examples/magento share/magento 74INSTALLATION_DIRS+= share/examples/magento share/magento
66PKG_SYSCONFSUBDIR= magento 75PKG_SYSCONFSUBDIR= magento
67PKG_SYSCONFDIR_PERMS= ${MAGENTO_OWN} ${MAGENTO_GRP} 0750 76PKG_SYSCONFDIR_PERMS= ${MAGENTO_OWN} ${MAGENTO_GRP} 0750
68MAKE_DIRS_PERMS+= ${PKG_SYSCONFDIR}/modules ${MAGENTO_OWN} ${MAGENTO_GRP} 0750 77MAKE_DIRS_PERMS+= ${PKG_SYSCONFDIR}/modules ${MAGENTO_OWN} ${MAGENTO_GRP} 0750
69OWN_DIRS_PERMS+= ${MAGENTO_DIR} ${MAGENTO_OWN} ${MAGENTO_GRP} 0750 78OWN_DIRS_PERMS+= ${MAGENTO_DIR} ${MAGENTO_OWN} ${MAGENTO_GRP} 0750
70 79
 80# Make note of the patches applied, same way the upstream patch scripts do
 81post-patch:
 82.for file in ${PATCHFILES}
 83 ${ECHO_N} `${DATE} -u +"%F %T UTC"`' | ' >> ${WRKSRC}/app/etc/applied.patches.list
 84 ${GREP} '^SUPEE-' ${DISTDIR}/${DIST_SUBDIR}/${file} >> ${WRKSRC}/app/etc/applied.patches.list
 85.endfor
 86
71do-install: 87do-install:
72 cd ${WRKSRC} && pax -rw -p pp * ${DESTDIR}${PREFIX}/share/magento 88 cd ${WRKSRC} && pax -rw -p pp * ${DESTDIR}${PREFIX}/share/magento
73 cd ${DESTDIR}${PREFIX}/share/magento/app/etc && \ 89 cd ${DESTDIR}${PREFIX}/share/magento/app/etc && \
74 ${MV} * ${DESTDIR}${PREFIX}/share/examples/magento 90 ${MV} * ${DESTDIR}${PREFIX}/share/examples/magento
75 ${CHMOD} -R g+w ${DESTDIR}${PREFIX}/share/magento/media 91 ${CHMOD} -R g+w ${DESTDIR}${PREFIX}/share/magento/media
76 ${CHMOD} -R g+w ${DESTDIR}${PREFIX}/share/examples/magento 92 ${CHMOD} -R g+w ${DESTDIR}${PREFIX}/share/examples/magento
77 ${RM} -rf ${DESTDIR}${PREFIX}/share/magento/app/etc 93 ${RM} -rf ${DESTDIR}${PREFIX}/share/magento/app/etc
78 ${RM} -rf ${DESTDIR}${PREFIX}/share/magento/var 94 ${RM} -rf ${DESTDIR}${PREFIX}/share/magento/var
79 ${LN} -sf ${PKG_SYSCONFDIR} ${DESTDIR}${PREFIX}/share/magento/app/etc 95 ${LN} -sf ${PKG_SYSCONFDIR} ${DESTDIR}${PREFIX}/share/magento/app/etc
80 ${LN} -sf ${MAGENTO_DIR} ${DESTDIR}${PREFIX}/share/magento/var 96 ${LN} -sf ${MAGENTO_DIR} ${DESTDIR}${PREFIX}/share/magento/var
81 97
82.include "../../mk/bsd.pkg.mk" 98.include "../../mk/bsd.pkg.mk"
cvs diff -r1.1 -r1.2 pkgsrc/finance/magento/PLIST (expand / switch to unified diff)

--- pkgsrc/finance/magento/PLIST 2014/12/12 12:52:47 1.1
+++ pkgsrc/finance/magento/PLIST 2015/04/29 14:11:09 1.2
@@ -1,14 +1,15 @@ @@ -1,14 +1,15 @@
1@comment $NetBSD: PLIST,v 1.1 2014/12/12 12:52:47 fhajny Exp $ 1@comment $NetBSD: PLIST,v 1.2 2015/04/29 14:11:09 fhajny Exp $
 2share/examples/magento/applied.patches.list
2share/examples/magento/config.xml 3share/examples/magento/config.xml
3share/examples/magento/local.xml.additional 4share/examples/magento/local.xml.additional
4share/examples/magento/local.xml.template 5share/examples/magento/local.xml.template
5share/examples/magento/modules/Cm_RedisSession.xml 6share/examples/magento/modules/Cm_RedisSession.xml
6share/examples/magento/modules/Mage_All.xml 7share/examples/magento/modules/Mage_All.xml
7share/examples/magento/modules/Mage_Api.xml 8share/examples/magento/modules/Mage_Api.xml
8share/examples/magento/modules/Mage_Api2.xml 9share/examples/magento/modules/Mage_Api2.xml
9share/examples/magento/modules/Mage_Authorizenet.xml 10share/examples/magento/modules/Mage_Authorizenet.xml
10share/examples/magento/modules/Mage_Bundle.xml 11share/examples/magento/modules/Mage_Bundle.xml
11share/examples/magento/modules/Mage_Captcha.xml 12share/examples/magento/modules/Mage_Captcha.xml
12share/examples/magento/modules/Mage_Centinel.xml 13share/examples/magento/modules/Mage_Centinel.xml
13share/examples/magento/modules/Mage_Compiler.xml 14share/examples/magento/modules/Mage_Compiler.xml
14share/examples/magento/modules/Mage_ConfigurableSwatches.xml 15share/examples/magento/modules/Mage_ConfigurableSwatches.xml
cvs diff -r1.1 -r1.2 pkgsrc/finance/magento/distinfo (expand / switch to unified diff)

--- pkgsrc/finance/magento/distinfo 2014/12/12 12:52:47 1.1
+++ pkgsrc/finance/magento/distinfo 2015/04/29 14:11:09 1.2
@@ -1,5 +1,11 @@ @@ -1,5 +1,11 @@
1$NetBSD: distinfo,v 1.1 2014/12/12 12:52:47 fhajny Exp $ 1$NetBSD: distinfo,v 1.2 2015/04/29 14:11:09 fhajny Exp $
2 2
3SHA1 (magento-1.9.1.0.tar.gz) = 4f7064f4a5bc46298979e8b37208be6fdaf20002 3SHA1 (magento/PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh) = ed08f33cfc8a35c0c38d9264bb94723d6a544450
4RMD160 (magento-1.9.1.0.tar.gz) = c2d3913ada02bcf2352643f65e859060c247a967 4RMD160 (magento/PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh) = bd9729743ccc4c028b5354f06f669b142edd3815
5Size (magento-1.9.1.0.tar.gz) = 23822215 bytes 5Size (magento/PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh) = 6173 bytes
 6SHA1 (magento/PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh) = 56619b0244c86c07ebce84b88cc0f4d4ff8ec885
 7RMD160 (magento/PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh) = 079e5191f484ad9682da45e3a0ce078ecba4ab6d
 8Size (magento/PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh) = 10551 bytes
 9SHA1 (magento/magento-1.9.1.0.tar.gz) = 4f7064f4a5bc46298979e8b37208be6fdaf20002
 10RMD160 (magento/magento-1.9.1.0.tar.gz) = c2d3913ada02bcf2352643f65e859060c247a967
 11Size (magento/magento-1.9.1.0.tar.gz) = 23822215 bytes