Wed Apr 29 14:11:09 2015 UTC ()
Fix CVE-2015-1397, CVE-2015-1398 & CVE-2015-1399 via upstream patches.
Implement way to apply upstream patches using PATCHFILES.
Bump PKGREVISION.
(fhajny)
diff -r1.1 -r1.2 pkgsrc/finance/magento/Makefile
diff -r1.1 -r1.2 pkgsrc/finance/magento/PLIST
diff -r1.1 -r1.2 pkgsrc/finance/magento/distinfo
--- pkgsrc/finance/magento/Makefile 2014/12/12 12:52:47 1.1
+++ pkgsrc/finance/magento/Makefile 2015/04/29 14:11:09 1.2
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1 2014/12/12 12:52:47 fhajny Exp $
+# $NetBSD: Makefile,v 1.2 2015/04/29 14:11:09 fhajny Exp $
DISTNAME= magento-1.9.1.0
+PKGREVISION= 1
CATEGORIES= www finance
MASTER_SITES= http://www.magentocommerce.com/downloads/assets/${PKGVERSION_NOREV}/
@@ -9,6 +10,11 @@
COMMENT= Feature-rich eCommerce platform
LICENSE= osl
+DIST_SUBDIR= magento
+PATCH_SITES= http://www.magentocommerce.com/downloads/assets/ce_patches/
+PATCHFILES= PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh
+PATCHFILES+= PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh
+
DEPENDS+= ${PHP_PKG_PREFIX}-curl-[0-9]*:../../www/php-curl
DEPENDS+= ${PHP_PKG_PREFIX}-dom-[0-9]*:../../textproc/php-dom
DEPENDS+= ${PHP_PKG_PREFIX}-gd-[0-9]*:../../graphics/php-gd
@@ -23,7 +29,7 @@
WRKSRC= ${WRKDIR}/magento
USE_LANGUAGES= # none
-USE_TOOLS+= pax
+USE_TOOLS+= date pax
NO_BUILD= yes
.include "../../lang/php/phpversion.mk"
@@ -49,6 +55,9 @@
Mage_Persistent.xml Mage_Weee.xml Mage_Widget.xml \
Mage_XmlConnect.xml Phoenix_Moneybookers.xml
+CONF_FILES_PERMS+= share/examples/magento/applied.patches.list \
+ ${PKG_SYSCONFDIR}/applied.patches.list \
+ ${MAGENTO_OWN} ${MAGENTO_GRP} 0640
CONF_FILES_PERMS+= share/examples/magento/local.xml.template \
${PKG_SYSCONFDIR}/local.xml.template \
${MAGENTO_OWN} ${MAGENTO_GRP} 0640
@@ -67,6 +76,13 @@
PKG_SYSCONFDIR_PERMS= ${MAGENTO_OWN} ${MAGENTO_GRP} 0750
MAKE_DIRS_PERMS+= ${PKG_SYSCONFDIR}/modules ${MAGENTO_OWN} ${MAGENTO_GRP} 0750
OWN_DIRS_PERMS+= ${MAGENTO_DIR} ${MAGENTO_OWN} ${MAGENTO_GRP} 0750
+
+# Make note of the patches applied, same way the upstream patch scripts do
+post-patch:
+.for file in ${PATCHFILES}
+ ${ECHO_N} `${DATE} -u +"%F %T UTC"`' | ' >> ${WRKSRC}/app/etc/applied.patches.list
+ ${GREP} '^SUPEE-' ${DISTDIR}/${DIST_SUBDIR}/${file} >> ${WRKSRC}/app/etc/applied.patches.list
+.endfor
do-install:
cd ${WRKSRC} && pax -rw -p pp * ${DESTDIR}${PREFIX}/share/magento
--- pkgsrc/finance/magento/PLIST 2014/12/12 12:52:47 1.1
+++ pkgsrc/finance/magento/PLIST 2015/04/29 14:11:09 1.2
@@ -1,4 +1,5 @@
-@comment $NetBSD: PLIST,v 1.1 2014/12/12 12:52:47 fhajny Exp $
+@comment $NetBSD: PLIST,v 1.2 2015/04/29 14:11:09 fhajny Exp $
+share/examples/magento/applied.patches.list
share/examples/magento/config.xml
share/examples/magento/local.xml.additional
share/examples/magento/local.xml.template
--- pkgsrc/finance/magento/distinfo 2014/12/12 12:52:47 1.1
+++ pkgsrc/finance/magento/distinfo 2015/04/29 14:11:09 1.2
@@ -1,5 +1,11 @@
-$NetBSD: distinfo,v 1.1 2014/12/12 12:52:47 fhajny Exp $
+$NetBSD: distinfo,v 1.2 2015/04/29 14:11:09 fhajny Exp $
-SHA1 (magento-1.9.1.0.tar.gz) = 4f7064f4a5bc46298979e8b37208be6fdaf20002
+SHA1 (magento/PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh) = ed08f33cfc8a35c0c38d9264bb94723d6a544450
-RMD160 (magento-1.9.1.0.tar.gz) = c2d3913ada02bcf2352643f65e859060c247a967
+RMD160 (magento/PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh) = bd9729743ccc4c028b5354f06f669b142edd3815
-Size (magento-1.9.1.0.tar.gz) = 23822215 bytes
+Size (magento/PATCH_SUPEE-4829_EE_1.14.1.0_v1.sh) = 6173 bytes
+SHA1 (magento/PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh) = 56619b0244c86c07ebce84b88cc0f4d4ff8ec885
+RMD160 (magento/PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh) = 079e5191f484ad9682da45e3a0ce078ecba4ab6d
+Size (magento/PATCH_SUPEE-5344_CE_1.8.0.0_v1.sh) = 10551 bytes
+SHA1 (magento/magento-1.9.1.0.tar.gz) = 4f7064f4a5bc46298979e8b37208be6fdaf20002
+RMD160 (magento/magento-1.9.1.0.tar.gz) = c2d3913ada02bcf2352643f65e859060c247a967
+Size (magento/magento-1.9.1.0.tar.gz) = 23822215 bytes