Summary: | [security][patch] www/drupal7: update to 7.31 | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Simon Wright <simon.wright> | ||||||||||
Component: | Individual Port(s) | Assignee: | Kurt Jaeger <pi> | ||||||||||
Status: | Closed FIXED | ||||||||||||
Severity: | Affects Only Me | CC: | antiduh, pi, simon.wright | ||||||||||
Priority: | --- | ||||||||||||
Version: | Latest | ||||||||||||
Hardware: | Any | ||||||||||||
OS: | Any | ||||||||||||
Attachments: |
|
Description
Simon Wright
2014-07-24 21:18:05 UTC
Created attachment 144947 [details]
Corrected patch
over to maintainer OBE, version 7.31 was released today, which is another security vulnerability fix: https://www.drupal.org/drupal-7.31-release-notes Created attachment 145435 [details]
Patch for 7.31
Comment on attachment 145435 [details] Patch for 7.31 >Index: Makefile >=================================================================== >--- Makefile (revision 364242) >+++ Makefile (working copy) >@@ -2,8 +2,7 @@ > # $FreeBSD$ > > PORTNAME= drupal7 >-PORTVERSION= 7.28 >-PORTREVISION= 1 >+PORTVERSION= 7.31 > CATEGORIES= www > MASTER_SITES= http://ftp.drupal.org/files/projects/ > DISTNAME= drupal-${PORTVERSION} >Index: distinfo >=================================================================== >--- distinfo (revision 364242) >+++ distinfo (working copy) >@@ -1,2 +1,2 @@ >-SHA256 (drupal/drupal-7.28.tar.gz) = 941b6de8978d215c95fe6f8466e3cb212f16647de93b38bbc41df020fd6e5eaa >-SIZE (drupal/drupal-7.28.tar.gz) = 3212823 >+SHA256 (drupal/drupal-7.31.tar.gz) = 6af4849fd2e1fd0a186a5264de10613e57b84c69dbe7dec0754472d27f37af40 >+SIZE (drupal/drupal-7.31.tar.gz) = 3216766 Created attachment 145436 [details]
Patch for 7.31, round 2.
Fixed the patch to account for changes in installed files. Yay staging! Passes 'make check-plist'.
(In reply to Kevin Thompson from comment #6) > Created attachment 145436 [details] > Patch for 7.31, round 2. > > Fixed the patch to account for changes in installed files. Yay staging! > Passes 'make check-plist'. Hi Kevin I was wondering where you saw the plist issue? If I do make check-plist on the package with just the distfile and version changes it passes, no issues found: <snipped> ===> Parsing plist ===> Checking for items in STAGEDIR missing from pkg-plist ===> Checking for directories owned by MTREEs ===> Checking for directories handled by dependencies ===> Checking for items in pkg-plist which are not in STAGEDIR ===> No pkg-plist issues found (check-plist) Poudriere testport also completes successfully with no errors logged. Cheers Simon. When I last tested this, `make check-plist` failed without this change to the plist: > -%%DRUPAL_BASE%%/modules/help/help.api.php I just redownloaded the source and indeed, that file is still missing: > angst(/usr/ports/www/drupal7/work/drupal-7.31/modules/help) # ll > total 22 > -rw-r--r-- 1 root wheel 133B Aug 6 13:14 help-rtl.css > -rw-r--r-- 1 root wheel 2.5K Aug 6 13:14 help.admin.inc > -rw-r--r-- 1 root wheel 138B Aug 6 13:14 help.css > -rw-r--r-- 1 root wheel 254B Aug 6 13:33 help.info > -rw-r--r-- 1 root wheel 4.2K Aug 6 13:14 help.module > -rw-r--r-- 1 root wheel 4.4K Aug 6 13:14 help.test > And indeed, that file is still in the plist in svn: > # svn revert pkg-plist > Reverted 'pkg-plist' > # cat pkg-plist | grep help.api > %%DRUPAL_BASE%%/modules/help/help.api.php Sorry for the delay, I thought I was cc'd on this but actually not. Portsnap run from last night. If I do make check-plist with just the Makefile and distinfo changes I now get this result (it passed before): ====> Checking for pkg-plist issues (check-plist) ===> Parsing plist ===> Checking for items in STAGEDIR missing from pkg-plist ===> Checking for directories owned by MTREEs ===> Checking for directories handled by dependencies ===> Checking for items in pkg-plist which are not in STAGEDIR Error: Missing: %%WWWDIR%%/modules/help/help.api.php ===> Error: Plist issues found. *** [check-plist] Error code 1 Stop in /usr/ports/local/drupal7. Note %%WWWDIR%% above. OK, but if I also remove %%DRUPALBASE%%/modules/help/help.api.php from the plist and re-run make check-plist, I still get the same error. I can't find help.api.php listed in any other files in the port . . . can you help with where my error is? The WWWDIR probably comes from the drupal infrastructure in /usr/ports/Mk/Uses/drupal.mk. If you're going to test changes to the plist, I think it's wise to do a full clean between changes, due to staging. If I clean, revert my plist, run the tests: it fails. If I clean again, remove help.api from my plist, run the tests: it works. Here's me testing with the old broken plist: > angst(/usr/ports/www/drupal7) # make clean > ===> Cleaning for drupal7-7.31 > > angst(/usr/ports/www/drupal7) # cat pkg-plist | grep help.api > %%DRUPAL_BASE%%/modules/help/help.api.php > > angst(/usr/ports/www/drupal7) # env DEVELOPER=yes make stage && make check-plist && make package > ===> License GPLv2 GPLv3 accepted by the user > <snip> > ====> Running Q/A tests (stage-qa) > ====> Checking for pkg-plist issues (check-plist) > ===> Parsing plist > ===> Checking for items in STAGEDIR missing from pkg-plist > ===> Checking for directories owned by MTREEs > ===> Checking for directories handled by dependencies > ===> Checking for items in pkg-plist which are not in STAGEDIR > Error: Missing: %%WWWDIR%%/modules/help/help.api.php > ===> Error: Plist issues found. > *** Error code 1 > > Stop. > make: stopped in /usr/ports/www/drupal7 > angst(/usr/ports/www/drupal7) # > Here's me testing with the fixed plist: > angst(/usr/ports/www/drupal7) # make clean > ===> Cleaning for drupal7-7.31 > > angst(/usr/ports/www/drupal7) # cat pkg-plist | grep help.api > angst(/usr/ports/www/drupal7) # > > angst(/usr/ports/www/drupal7) # env DEVELOPER=yes make stage && make check-plist && make package > ===> License GPLv2 GPLv3 accepted by the user > <snip> > ====> Running Q/A tests (stage-qa) > ====> Checking for pkg-plist issues (check-plist) > ===> Parsing plist > ===> Checking for items in STAGEDIR missing from pkg-plist > ===> Checking for directories owned by MTREEs > ===> Checking for directories handled by dependencies > ===> Checking for items in pkg-plist which are not in STAGEDIR > ===> No pkg-plist issues found (check-plist) > ===> Building package for drupal7-7.31 > angst(/usr/ports/www/drupal7) # All of this was performed with my patches applied to the Makefile and distfile. Thanks very much for the explanation. Note to self:: "make clean" between tests in future! Could we get a maintainer timeout on this patch now and get it committed? I'll work on this. A commit references this bug: Author: pi Date: Sat Oct 11 09:32:38 UTC 2014 New revision: 370630 URL: https://svnweb.freebsd.org/changeset/ports/370630 Log: www/drupal7: 7.28 -> 7.31 Changes: https://www.drupal.org/drupal-7.29-release-notes https://www.drupal.org/drupal-7.30-release-notes https://www.drupal.org/drupal-7.31-release-notes PR: 192099 Submitted by: simon.wright@gmx.net Approved by: miwi (timeout) Changes: head/www/drupal7/Makefile head/www/drupal7/distinfo head/www/drupal7/pkg-plist Committed, thanks for your patience. |