Apr 232013
 

This just came to my attention. The processing of pkg-descr since we moved to using a jail-based solution is wrong. The function which reads and processes the contents of pkg-descr is not using the jail to read the file. I’ll fix the bug soon, and refresh all commits which touched pkg-descr.

Noted by koobs with respect to security/py-pycrypto.

I think this is the fix:

$ cvs di -u port.pm
Index: port.pm
===================================================================
RCS file: /home/repositories/freshports-1/scripts/port.pm,v
retrieving revision 1.72
diff -u -r1.72 port.pm
--- port.pm     23 Mar 2013 20:48:17 -0000      1.72
+++ port.pm     23 Apr 2013 15:26:52 -0000
@@ -665,7 +665,7 @@
                my $longdescription = '';
                my $homepage        = '';
                if (defined($RealDescrPath) && -f $RealDescrPath) {
-                       print "invoking _GetDescrAndHomePage()\n";
+                       print "invoking _GetDescrAndHomePage() with '$RealDescrPath'\n";
                        ($longdescription, $homepage) = _GetDescrAndHomePage($RealDescrPath);
                }

@@ -989,7 +989,8 @@
        my $url;
        my $DESCR;

-       open (F,$file) || FreshPorts::Utilities::ReportError('warning', "couldn't open $file: $!", 1);
+       # this needs to open relative to the jail root.
+       open (F, $FreshPorts::Config::JailBaseDir . $file) || FreshPorts::Utilities::ReportError('warning', "couldn't open $file: $!", 1);
        $DESCR = "";

        while(<F>){

Update 2013-14-23 2150

The dev website has been updated.

Update 2013-14-24 0615

The beta website has been updated.

Update 2013-14-24 0625

The prod website has been updated.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive