From kirk@kanga.honeypot.net  Sun Feb 16 14:15:36 2003
Return-Path: <kirk@kanga.honeypot.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 37EF137B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 16 Feb 2003 14:15:36 -0800 (PST)
Received: from kanga.honeypot.net (kanga.honeypot.net [208.162.254.122])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DEEBC43F93
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 16 Feb 2003 14:15:34 -0800 (PST)
	(envelope-from kirk@kanga.honeypot.net)
Received: from kanga.honeypot.net (localhost [127.0.0.1])
	by kanga.honeypot.net (8.12.6/8.12.6) with ESMTP id h1GMFXa3023043
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 16 Feb 2003 16:15:33 -0600 (CST)
	(envelope-from kirk@kanga.honeypot.net)
Received: (from root@localhost)
	by kanga.honeypot.net (8.12.6/8.12.6/Submit) id h1GMFXw3023042;
	Sun, 16 Feb 2003 16:15:33 -0600 (CST)
	(envelope-from kirk)
Message-Id: <200302162215.h1GMFXw3023042@kanga.honeypot.net>
Date: Sun, 16 Feb 2003 16:15:33 -0600 (CST)
From: Kirk Strauser <kirk@strauser.com>
Reply-To: Kirk Strauser <kirk@strauser.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Several issues with the www/zope port
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         48343
>Category:       ports
>Synopsis:       Several issues with the www/zope port
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    nbm
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 16 14:20:02 PST 2003
>Closed-Date:    Fri Nov 21 10:55:02 PST 2003
>Last-Modified:  Fri Nov 21 10:55:02 PST 2003
>Originator:     Kirk Strauser <kirk@strauser.com>
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
The Strauser Group
>Environment:
System: FreeBSD kanga.honeypot.net 4.7-STABLE FreeBSD 4.7-STABLE #0: Tue Feb 11 18:38:37 CST 2003 root@kanga.honeypot.net:/usr/obj/usr/src/sys/HONEYPOT_KANGA i386


	
>Description:
There are several problems with upgrading the current www/zope port, ranging
from inconvenient (having to reset directory permissions to start the program)
to potentially disastrous (data loss, opening of security holes).  After
upgrading a pre-existing Zope installation:

1) Permissions are not compatible with starting Zope.  ${PREFIX}/www/Zope/var
is owned by `www' instead of `root', which causes this error message to be
logged to ${PREFIX}/www/Zope/var/zope-output (and Zope to refuse to start):

    IOError: [Errno 13] Permission denied: '/usr/local/www/Zope/var/pcgi.pid'

2) The port upgrade process overwrites ${PREFIX}/www/Zope/var/Data.fs with a
minimal new data store, effectively deleting every object previously held in
Zope.

3) The port overwrites ${PREFIX}/etc/rc.d/zope.sh, destroying any local
customizations.

4) The default setup doesn't allow Zope to be restarted from its own control
panel.  Attempts cause errors such as this in ${PREFIX}/www/Zope/var/pcgi.log:

    Sun Feb 16 16:05:12 2003
      pcgi-wrapper: Unknown error: 0  (116) unable to connect, fd=4
    Sun Feb 16 16:05:25 2003  unable to write to pid file: /usr/local/www/Zope/var/pcgi.pid
      Traceback (most recent call last):
      File "/usr/local/www/Zope/pcgi/pcgi_publisher.py", line 180, in initPCGI
        f = open(self.pidFile, 'wb')
    IOError: [Errno 13] Permission denied: '/usr/local/www/Zope/var/pcgi.pid'
    
    Sun Feb 16 16:05:38 2003
      pcgi-wrapper: Connection refused  (102) failure during connect

5) The port overwrites ${PREFIX}/www/Zope/access, which sets the default
emergency user's username and password to standard default values, potentially
opening a huge security hole if the sysadmin doesn't note the change.

	
>How-To-Repeat:
Install and configure Zope.  Use `portupgrade' to upgrade to a newer version
(I haven't tested this with a manual upgrade, but believe that the same
problems would occur).
	
>Fix:
1) chown root:wheel ${PREFIX}/www/Zope/var

2) Leave `Data.fs' alone.

3) Create/overwrite `zope.sh.sample' instead; let the sysadmins make copies
or symlinks as convenient.

4) I don't know.  This used to work, but doesn't anymore.

5) Leave `access' alone.
	

>Release-Note:
>Audit-Trail:

From: PieterB <pieterb@gewis.nl>
To: freebsd-gnats-submit@FreeBSD.org, kirk@strauser.com
Cc:  
Subject: Re: ports/48343: Several issues with the www/zope port
Date: Wed, 19 Feb 2003 15:37:14 +0100 (CET)

 Hi,
 
 Please also upgrade the port to Zope 2.6.1
 MD5 (zope/Zope-2.6.1-src.tgz) =  a17f36b86b6e489797d8e52f1ba48efe
 
 About 1). I would like to run Zope as user 'www' on port 8080 (using
 a 'sudo -u www ./start' in the zope-dir), but failed because of
 permission problems (couldn't access start-script as user www).  I
 fixed it using a radical 'chown www:www ${PREFIX}/www/Zope/'.
 
 I agree with 2) and 3). I can't reproduce 4).
 
 About 5). I think it's best to check for inituser or access file. If it
 doesn't exist, 'python zpasswd.py inituser' should be run in the
 Zope-dir. This will ask the admin to fill in the necessary details.
 
 PieterB
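
The file handling asked for in the Fix section and in the follow-up above (leave an existing `access` or `Data.fs` alone, put new versions beside them as `.sample`, ask for credentials only when neither `access` nor `inituser` exists), as an added sh example that is not part of the port or of either message. The function names, the `.sample` suffix for preserved files and the packaged-default path are assumptions.

```sh
#!/bin/sh
# Added example; function names and the ".sample" layout are assumptions.

# Install $1 as $2 (mode $3) only when $2 is absent. If $2 exists, leave it
# untouched and put the new version beside it as $2.sample instead.
install_if_absent() {
    src=$1 dst=$2 mode=$3
    if [ -e "$dst" ]; then
        ( umask 077; cp "$src" "$dst.sample" ) || return 1
        chmod "$mode" "$dst.sample" || return 1
        echo preserved
    else
        ( umask 077; cp "$src" "$dst" ) || return 1
        chmod "$mode" "$dst" || return 1
        echo installed
    fi
}

# True when Zope directory $1 has neither an access nor an inituser file,
# i.e. the admin still has to run "python zpasswd.py inituser" there.
needs_inituser() {
    [ ! -e "$1/access" ] && [ ! -e "$1/inituser" ]
}

# True when $1/access is byte-identical to the packaged default $2, which is
# what an upgrade that overwrote the admin's file leaves behind.
access_is_default() {
    [ -f "$1/access" ] && cmp -s "$1/access" "$2"
}

# One-word verdict for Zope directory $1 against packaged default $2.
audit_zope_dir() {
    if needs_inituser "$1"; then echo no-credentials
    elif access_is_default "$1" "$2"; then echo default-credentials
    else echo ok
    fi
}

# Demo on a constructed temporary tree; no real Zope install is touched.
demo=$(mktemp -d) && mkdir "$demo/Zope"
echo 'constructed default entry' > "$demo/access.default"
audit_zope_dir "$demo/Zope" "$demo/access.default"
install_if_absent "$demo/access.default" "$demo/Zope/access" 600
audit_zope_dir "$demo/Zope" "$demo/access.default"
rm -rf "$demo"
```

A `default-credentials` verdict after an upgrade is the case item 5 of the report warns about: the emergency user file has been replaced by the packaged one.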
 
 
 
 
 
 
Responsible-Changed-From-To: freebsd-ports-bugs->alane 
Responsible-Changed-By: arved 
Responsible-Changed-When: Fri Feb 28 13:05:18 PST 2003 
Responsible-Changed-Why:  
Over to Maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48343 

From: Tod McQuillin <devin@spamcop.net>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: ports/48343: Several issues with the www/zope port
Date: Mon, 17 Mar 2003 00:05:19 +0900 (JST)

 Here's a patch which addresses points 1 and 3 from the original PR as well
 as upgrades the port to zope 2.6.1.
 
 diff -ur zope-/Makefile zope/Makefile
 --- zope-/Makefile	Sat Mar  8 05:33:42 2003
 +++ zope/Makefile	Mon Mar 17 00:03:29 2003
 @@ -6,8 +6,7 @@
  #
 
  PORTNAME=	zope
 -PORTVERSION=	2.6.0
 -PORTREVISION=	1
 +PORTVERSION=	2.6.1
  CATEGORIES=	www python zope
  MASTER_SITES=	http://www.zope.org/Products/Zope/${PORTVERSION}/
  DISTNAME=	Zope-${PORTVERSION}-src
 @@ -38,7 +37,7 @@
  ZOPE_FTP_PORT?=		8021
  ZOPE_MONITOR_PORT?=	''
 
 -ZOPE_USER=	www
 +ZOPE_USER?=	www
 
  # Don't change these.
  ZOPEBASEDIR=	${PREFIX}/${SZOPEBASEDIR}
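
Review bot: `ZOPE_USER?=` turns the run-as account into a user-settable knob without documenting it, and nothing in the visible hunks checks that the chosen account exists before the later `${CHOWN} ${ZOPE_USER} ${ZOPEBASEDIR}/var/*` runs. Suggest a comment beside the `ZOPE_*_PORT?=` tunables saying what the variable controls, and an early failure when the account is missing, so an override with a mistyped name does not leave the files under var with an unintended owner.
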
 @@ -93,6 +92,7 @@
  		${RM} Zope.cgi.orig )
  	@(cd ${ZOPEBASEDIR}/pcgi/Test && ${RM} *.o)
  	@(cd ${ZOPEBASEDIR}/pcgi && ${RM} *.o)
 +	@(cd ${ZOPEBASEDIR} && ${RM} -rf lib/python/build)
  	@#
  	@(cd ${ZOPEBASEDIR} && \
  		${MV} Zope.cgi \
 @@ -103,7 +103,7 @@
  	@#
  	@${ECHO} "===>   Fixing permissions of Zope's own var directory..."
  	@${CHMOD} ugo+rwt ${ZOPEBASEDIR}/var
 -	@${CHOWN} ${ZOPE_USER} ${ZOPEBASEDIR}/var
 +	@${CHOWN} root ${ZOPEBASEDIR}/var
  	@${CHOWN} ${ZOPE_USER} ${ZOPEBASEDIR}/var/*
  	@${RM} ${ZOPEBASEDIR}/var/.cvsignore
  	@if [ -e ${ZOPEBASEDIR}/var/Data.fs.preserve ] ; then \
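
Review bot: the directory stays world-writable, because the context line `${CHMOD} ugo+rwt ${ZOPEBASEDIR}/var` is untouched; changing the owner in `${CHOWN} root ${ZOPEBASEDIR}/var` still lets any local account create files next to Data.fs and pcgi.pid. Suggest setting the group explicitly (the PR asked for root:wheel, this line sets only the owner) and narrowing the mode to the owner plus one group that `${ZOPE_USER}` belongs to, rather than relying on the sticky bit.
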
 @@ -134,9 +134,9 @@
  		-e "s|%%ZOPE_HTTP_PORT%%|${ZOPE_HTTP_PORT}|g" \
  		-e "s|%%ZOPE_FTP_PORT%%|${ZOPE_FTP_PORT}|g" \
  		-e "s|%%ZOPE_MONITOR_PORT%%|${ZOPE_MONITOR_PORT}|g" \
 -		< ${FILESDIR}/zope.sh.in > ${PREFIX}/etc/rc.d/zope.sh
 -	@${CHMOD} ug+x,o-rwx ${PREFIX}/etc/rc.d/zope.sh
 -	@${ECHO} "===>  Done with ${PREFIX}/etc/rc.d/zope.sh."
 +		< ${FILESDIR}/zope.sh.in > ${PREFIX}/etc/rc.d/zope.sh.sample
 +	@${CHMOD} ug+x,o-rwx ${PREFIX}/etc/rc.d/zope.sh.sample
 +	@${ECHO} "===>  Done with ${PREFIX}/etc/rc.d/zope.sh.sample"
  	@${CAT} ${FILESDIR}/Message
  	@${ECHO} "===>   Your Zope base directory is ${ZOPEBASEDIR}."
  	@${ECHO} "===>   The Zope license is in ${ZOPEBASEDIR}/LICENSE.txt."
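
Review bot: with the output redirected to `${PREFIX}/etc/rc.d/zope.sh.sample`, a fresh install ends up with no zope.sh at all, and the hunk does not touch the `${FILESDIR}/Message` text that is printed on the next line. Suggest adding a line to that message telling the admin to copy or symlink the sample to zope.sh and to compare the two again after each upgrade, since the port numbers substituted by the `sed` expressions now land only in the sample.
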
 diff -ur zope-/distinfo zope/distinfo
 --- zope-/distinfo	Mon Jan 13 09:30:30 2003
 +++ zope/distinfo	Sun Mar 16 17:52:44 2003
 @@ -1 +1 @@
 -MD5 (zope/Zope-2.6.0-src.tgz) = a0bb91ca1df775aebfc8ff8c46afa3a9
 +MD5 (zope/Zope-2.6.1-src.tgz) = a17f36b86b6e489797d8e52f1ba48efe
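
Review bot: the new `MD5 (zope/Zope-2.6.1-src.tgz)` value is the same string posted in the earlier follow-up on this PR, so the two only confirm each other if they were obtained independently. Before committing, regenerate it from a tarball fetched from `MASTER_SITES` and compare it against a checksum from a source other than this PR.
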
 diff -ur zope-/pkg-plist zope/pkg-plist
 --- zope-/pkg-plist	Mon Jan 13 09:30:31 2003
 +++ zope/pkg-plist	Mon Mar 17 00:01:50 2003
 @@ -1,10 +1,11 @@
  %%APACHE_CONFDIR%%/apache.conf.Zope-Changes
 -etc/rc.d/zope.sh
 +etc/rc.d/zope.sh.sample
  %%ZOPEBASEDIR%%/var/Data.fs
  %%ZOPEBASEDIR%%/var/Data.fs.in
  @exec if [ ! -f %B/Data.fs ]; then cp %B/%f %B/Data.fs; fi
  %%ZOPEBASEDIR%%/Extensions/README.txt
  %%ZOPEBASEDIR%%/LICENSE.txt
 +%%ZOPEBASEDIR%%/Makefile
  %%ZOPEBASEDIR%%/README.txt
  %%ZOPEBASEDIR%%/ZServer/DebugLogger.py
  %%ZOPEBASEDIR%%/ZServer/DebugLogger.pyc
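
Review bot: `%%ZOPEBASEDIR%%/var/Data.fs` is still listed as a packaged file in the context lines, directly above the `@exec if [ ! -f %B/Data.fs ]` guard that is meant to create it only when it is missing. While Data.fs itself is in the plist it is installed and removed with the package, so the guard comes too late to protect an existing data store (point 2 of the PR); suggest listing only `Data.fs.in` and leaving Data.fs to the `@exec` line.
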
 @@ -514,6 +515,8 @@
  %%ZOPEBASEDIR%%/lib/python/BTrees/__init__.pyc
  %%ZOPEBASEDIR%%/lib/python/BTrees/_fsBTree.c
  %%ZOPEBASEDIR%%/lib/python/BTrees/_fsBTree.so
 +%%ZOPEBASEDIR%%/lib/python/BTrees/check.py
 +%%ZOPEBASEDIR%%/lib/python/BTrees/check.pyc
  %%ZOPEBASEDIR%%/lib/python/BTrees/convert.py
  %%ZOPEBASEDIR%%/lib/python/BTrees/convert.pyc
  %%ZOPEBASEDIR%%/lib/python/BTrees/intkeymacros.h
 @@ -526,6 +529,7 @@
  %%ZOPEBASEDIR%%/lib/python/BTrees/tests/testBTreesUnicode.py
  %%ZOPEBASEDIR%%/lib/python/BTrees/tests/testConflict.py
  %%ZOPEBASEDIR%%/lib/python/BTrees/tests/testSetOps.py
 +%%ZOPEBASEDIR%%/lib/python/BTrees/tests/test_check.py
  %%ZOPEBASEDIR%%/lib/python/ComputedAttribute.so
  %%ZOPEBASEDIR%%/lib/python/DateTime/DateTime.html
  %%ZOPEBASEDIR%%/lib/python/DateTime/DateTime.py
 @@ -697,6 +701,8 @@
  %%ZOPEBASEDIR%%/lib/python/Interface/tests/testVerify.py
  %%ZOPEBASEDIR%%/lib/python/Interface/tests/testVisitImplements.py
  %%ZOPEBASEDIR%%/lib/python/Interface/tests/unitfixtures.py
 +%%ZOPEBASEDIR%%/lib/python/Lifetime.py
 +%%ZOPEBASEDIR%%/lib/python/Lifetime.pyc
  %%ZOPEBASEDIR%%/lib/python/LOG.py
  %%ZOPEBASEDIR%%/lib/python/LOG.pyc
  %%ZOPEBASEDIR%%/lib/python/Main.py
 @@ -1852,6 +1858,8 @@
  %%ZOPEBASEDIR%%/lib/python/Shared/DC/xml/xyap.pyc
  %%ZOPEBASEDIR%%/lib/python/Shared/__init__.py
  %%ZOPEBASEDIR%%/lib/python/Shared/__init__.pyc
 +%%ZOPEBASEDIR%%/lib/python/Signals/SignalHandler.py
 +%%ZOPEBASEDIR%%/lib/python/Signals/SignalHandler.pyc
  %%ZOPEBASEDIR%%/lib/python/Signals/Signals.py
  %%ZOPEBASEDIR%%/lib/python/Signals/Signals.pyc
  %%ZOPEBASEDIR%%/lib/python/Signals/__init__.py
 @@ -2298,10 +2306,22 @@
  %%ZOPEBASEDIR%%/lib/python/ZTUtils/tests/testBatch.py
  %%ZOPEBASEDIR%%/lib/python/ZTUtils/tests/testIterator.py
  %%ZOPEBASEDIR%%/lib/python/ZTUtils/tests/testTree.py
 +%%ZOPEBASEDIR%%/lib/python/Zope/App/ClassFactory.py
 +%%ZOPEBASEDIR%%/lib/python/Zope/App/ClassFactory.pyc
 +%%ZOPEBASEDIR%%/lib/python/Zope/App/__init__.py
 +%%ZOPEBASEDIR%%/lib/python/Zope/App/__init__.pyc
 +%%ZOPEBASEDIR%%/lib/python/Zope/App/startup.py
 +%%ZOPEBASEDIR%%/lib/python/Zope/App/startup.pyc
  %%ZOPEBASEDIR%%/lib/python/Zope/ClassFactory.py
  %%ZOPEBASEDIR%%/lib/python/Zope/ClassFactory.pyc
  %%ZOPEBASEDIR%%/lib/python/Zope/__init__.py
  %%ZOPEBASEDIR%%/lib/python/Zope/__init__.pyc
 +%%ZOPEBASEDIR%%/lib/python/ZopeUndo/Prefix.py
 +%%ZOPEBASEDIR%%/lib/python/ZopeUndo/Prefix.pyc
 +%%ZOPEBASEDIR%%/lib/python/ZopeUndo/__init__.py
 +%%ZOPEBASEDIR%%/lib/python/ZopeUndo/__init__.pyc
 +%%ZOPEBASEDIR%%/lib/python/ZopeUndo/tests/__init__.py
 +%%ZOPEBASEDIR%%/lib/python/ZopeUndo/tests/testPrefix.py
  %%ZOPEBASEDIR%%/lib/python/dcdb.py
  %%ZOPEBASEDIR%%/lib/python/dcdb.pyc
  %%ZOPEBASEDIR%%/lib/python/initgroups.so
 @@ -2484,7 +2504,9 @@
  @dirrm %%ZOPEBASEDIR%%/lib/python/webdav/www
  @dirrm %%ZOPEBASEDIR%%/lib/python/webdav/dtml
  @dirrm %%ZOPEBASEDIR%%/lib/python/webdav
 -@dirrm %%ZOPEBASEDIR%%/lib/python/build
 +@dirrm %%ZOPEBASEDIR%%/lib/python/ZopeUndo/tests
 +@dirrm %%ZOPEBASEDIR%%/lib/python/ZopeUndo
 +@dirrm %%ZOPEBASEDIR%%/lib/python/Zope/App
  @dirrm %%ZOPEBASEDIR%%/lib/python/Zope
  @dirrm %%ZOPEBASEDIR%%/lib/python/ZTUtils/tests
  @dirrm %%ZOPEBASEDIR%%/lib/python/ZTUtils
Responsible-Changed-From-To: alane->freebsd-ports-bugs 
Responsible-Changed-By: alane 
Responsible-Changed-When: Sat Apr 12 20:35:58 PDT 2003 
Responsible-Changed-Why:  
I no longer maintain zope. 

Responsible-Changed-From-To: freebsd-ports-bugs->nbm 
Responsible-Changed-By: nbm 
Responsible-Changed-When: Wed Aug 27 11:39:31 PDT 2003 
Responsible-Changed-Why:  
I'll take a look at this. 

State-Changed-From-To: open->feedback 
State-Changed-By: nbm 
State-Changed-When: Thu Aug 28 11:56:01 PDT 2003 
State-Changed-Why:  
I believe I've sorted out all your issues in my recent commit. 
Can you please check it out and give me some feedback? 

Thanks! 

State-Changed-From-To: feedback->closed 
State-Changed-By: nbm 
State-Changed-When: Fri Nov 21 10:53:22 PST 2003 
State-Changed-Why:  
Feedback timeout 

>Unformatted:
